Bug#847666: asterisk: AST-2016-008: Crash on SDP offer or answer from endpoint using Opus
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Mon Dec 12 10:34:06 UTC 2016
On Sat, Dec 10, 2016 at 03:52:26PM +0100, Salvatore Bonaccorso wrote:
> Source: asterisk
> Version: 1:13.12.2~dfsg-1
> Severity: grave
> Tags: security upstream patch
> Forwarded: https://issues.asterisk.org/jira/browse/ASTERISK-26579
>
> Hi
>
> AST-2016-008 was announced at
>
> http://downloads.asterisk.org/pub/security/AST-2016-008.html
>
> referencing patches as well for the 13.x release series.
>
> https://issues.asterisk.org/jira/browse/ASTERISK-26579
>
> No CVE is assigned yet for this issue.
I have not yet tested our version. Note that we have our own changes in
exactly the same area. Upstream later added two new bug fixes to the
2c031b6 and fa52ecb. Of those two fa52ecb turned out to be security
issue.
At first glance I believe our code is not volnurable to this one. But I
haven't tested it yet.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com
More information about the Pkg-voip-maintainers
mailing list