[Bug 1022360] Re: (CVE-2012-3812) CVE-2012-3812 asterisk: Remote crash vulnerability in voice mail application (CVE-2012-3863) CVE-2012-3863 asterisk: Possible resource leak on uncompleted re-invite transactions

Bug Watch Updater 1022360 at bugs.launchpad.net
Sun Jul 8 20:26:38 UTC 2012 

Launchpad has imported 3 comments from the remote bug at
https://bugs.gentoo.org/show_bug.cgi?id=425050.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2012-07-06T12:32:21+00:00 J-ago wrote:

http://downloads.asterisk.org/pub/security/AST-2012-010.html
http://downloads.asterisk.org/pub/security/AST-2012-011.html

Please bump 1.8.13.1

Reply at:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1022360/comments/0

------------------------------------------------------------------------
On 2012-07-06T13:26:46+00:00 Chainsaw wrote:

+*asterisk-10.5.2 (06 Jul 2012)
+*asterisk-1.8.13.1 (06 Jul 2012)
+
+  06 Jul 2012; Tony Vroon <chainsaw at gentoo.org> -asterisk-1.8.13.0.ebuild,
+  -asterisk-1.8.13.0-r1.ebuild, +asterisk-1.8.13.1.ebuild,
+  -asterisk-10.5.1.ebuild, +asterisk-10.5.2.ebuild:
+  Upgrades on the 1.8 & 10 branches to address a potential resource leak when a
+  re-invite transaction is not completed (AST-2012-010) and on the 1.8 branch
+  only for a remote crash vulnerability in the voicemail application
+  (AST-2012-011). Both covered under CVE-2012-3812. Removed any non-stable
+  vulnerable ebuild.

Arches, please test and mark stable:
=net-misc/asterisk-1.8.13.1

Last arch, please remove:
=net-misc/asterisk-1.8.12.1

Reply at:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1022360/comments/1

------------------------------------------------------------------------
On 2012-07-06T15:10:02+00:00 J-ago wrote:

amd64 stable

Reply at:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1022360/comments/2


** Changed in: asterisk (Debian)
       Status: Unknown => Fix Committed

** Changed in: gentoo
   Importance: Unknown => Low

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to asterisk in Ubuntu.
https://bugs.launchpad.net/bugs/1022360

Title:
  (CVE-2012-3812) CVE-2012-3812 asterisk: Remote crash vulnerability in
  voice mail application (CVE-2012-3863) CVE-2012-3863 asterisk:
  Possible resource leak on uncompleted re-invite transactions

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1022360/+subscriptions

More information about the Ubuntu-server-bugs mailing list