Bug#847635: AST-2016-009: SIP header whitespace with proxy

Bernhard Schmidt berni at debian.org
Sat Dec 10 20:46:23 UTC 2016


Control: forcemerge 847668 -1

On Fri, Dec 09, 2016 at 11:30:27PM -0500, Dara Adib wrote:

Hello Dara,

> Package: asterisk
> Version: 1:11.13.1~dfsg-2+deb8u1
> Severity: important
> Tags: security patch
> 
> https://security-tracker.debian.org/tracker/TEMP-0000000-5567B0
> http://downloads.asterisk.org/pub/security/AST-2016-009.html
> 
> I believe this is the patch:
> https://gerrit.asterisk.org/4587

Thanks for the report. Salvatore from the Debian Security team has
already filed a report as well
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847668); I'm merging
those bugs.

The Debian Security team thinks that this bug does not warrant an
immediate security update. I tend to agree, since the circumstances for
this to be exploitable are very special.

Do you agree? We will likely still fix it in Jessie in a point release,
and we will definitely fix this in time for Stretch (Asterisk 13.13.x
had a few issues here, thus Stretch has not been upgraded to a fixed
version yet).

Bernhard