Package: asterisk
Version: 1:1.6.2.9-2
Justification: user security hole
Severity: grave
Tags: security patch upstream

The Asterisk project has reported security advisory ASA-2011-011
http://downloads.asterisk.org/pub/security/AST-2011-001.html
(No CVE ATM)

"When forming an outgoing SIP request while in pedantic mode, a stack buffer can be made to overflow if supplied with carefully crafted caller ID information."

Caller ID information may be provided by remote users. The advisory details a potential workaround in the dialplan, but applying it varies greatly on different configurations.

Issue applies both to the Lenny and Squeeze packages.

For patches:
http://svn.debian.org/viewsvn/pkg-voip?view=rev&revision=8708 (Squeeze)
http://svn.debian.org/viewsvn/pkg-voip?view=rev&revision=8711 (Lenny)

-- 
Tzafrir Cohen
http://tzafrir.org.il
VIM is a Mutt's best friend

