Your message dated Sat, 01 Sep 2012 13:17:48 +0000 with message-id <e1t7na8-0001vh...@franck.debian.org> and subject line Bug#680470: fixed in asterisk 1:1.8.13.1~dfsg-1 has caused the Debian Bug report #680470, regarding Two security issues: AST-2012-010 / AST-2012-011 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 680470: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: asterisk Severity: grave Tags: security http://downloads.asterisk.org/pub/security/AST-2012-010.html (no CVE yet) http://downloads.asterisk.org/pub/security/AST-2012-011.html (CVE-2012-3812) 1.6 is not mentioned in the "Affected versions", but I haven't validated whether because it's no longer supported/tracked upstream or because the issues are not present. Can you double-check? For sid/wheezy, please remember that we're in freeze and only isolated fixes are to be made instead of updating to a new full upstream release. Once you've uploaded, please send an unblock request by filing a bug against the release.debian.org pseudo package. Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: asterisk Source-Version: 1:1.8.13.1~dfsg-1 We believe that the bug you reported is fixed in the latest version of asterisk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 680...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Tzafrir Cohen <tzaf...@debian.org> (supplier of updated asterisk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 01 Sep 2012 04:44:12 +0300 Source: asterisk Binary: asterisk asterisk-modules asterisk-dahdi asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config Architecture: source all amd64 Version: 1:1.8.13.1~dfsg-1 Distribution: unstable Urgency: low Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org> Changed-By: Tzafrir Cohen <tzaf...@debian.org> Description: asterisk - Open Source Private Branch Exchange (PBX) asterisk-config - Configuration files for Asterisk asterisk-dahdi - DAHDI devices support for the Asterisk PBX asterisk-dbg - Debugging symbols for Asterisk asterisk-dev - Development files for Asterisk asterisk-doc - Source code documentation for Asterisk asterisk-mobile - Bluetooth phone support for the Asterisk PBX asterisk-modules - loadable modules for the Asterisk PBX asterisk-mp3 - MP3 playback support for the Asterisk PBX asterisk-mysql - MySQL database protocol support for the Asterisk PBX asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c asterisk-voicemail - simple voicemail support for the Asterisk PBX asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX Closes: 680470 Changes: asterisk (1:1.8.13.1~dfsg-1) unstable; urgency=low . * New upstream release (Closes: #680470): - Fixes AST-2012-010 (CVE-2012-3863). - Fixes AST-2012-011 (CVE-2012-38612). * Patch AST-2012-012 (CVE-2012-2186): AMI User Shell Access with ExternalIVR * Patch AST-2012-012 (CVE-2012-4737): ACL rules ignored during calls by some IAX2 peers. Checksums-Sha1: 666cbe474f86bce99b902789f6aa8b991c13024a 2997 asterisk_1.8.13.1~dfsg-1.dsc af724706092e1799a91a1f26f146f27af350a2f8 7454524 asterisk_1.8.13.1~dfsg.orig.tar.gz 58f44aab767deb4070a1bfc8a7737e7915bac8c5 352734 asterisk_1.8.13.1~dfsg-1.debian.tar.gz a4dd43fcefc27138361103444ecea333fb533ee6 1988602 asterisk-doc_1.8.13.1~dfsg-1_all.deb dd7f48d872affbe8d3cbad9297876b10d27c25ff 957660 asterisk-dev_1.8.13.1~dfsg-1_all.deb 675e18181804f1e054f7c6c7d01df1cd65a14c08 1003256 asterisk-config_1.8.13.1~dfsg-1_all.deb 2def5e6981b17bd209244620f733073429b253b9 1770986 asterisk_1.8.13.1~dfsg-1_amd64.deb 02c6da6faf9b1f7b1493a04c85b466114f8ae041 2831776 asterisk-modules_1.8.13.1~dfsg-1_amd64.deb 5512aae6b8a00f41daae445c3831b6ecb56040b0 922740 asterisk-dahdi_1.8.13.1~dfsg-1_amd64.deb e192d8fab682b7d5c6d8935589f0606e285c3ace 692932 asterisk-voicemail_1.8.13.1~dfsg-1_amd64.deb e941a19804890541bd26174c371cc1e1b457d0d6 710168 asterisk-voicemail-imapstorage_1.8.13.1~dfsg-1_amd64.deb 1af68c73af687986ce233ceb75b972c392bf55ad 698998 asterisk-voicemail-odbcstorage_1.8.13.1~dfsg-1_amd64.deb d9ddea45d714af1e0ef8201ab12598269f59c7ce 1037196 asterisk-ooh323_1.8.13.1~dfsg-1_amd64.deb b491ce98a896a24c7e5e20e5e6404766110923b4 632382 asterisk-mp3_1.8.13.1~dfsg-1_amd64.deb a8c145cdf144e9222f1f4831e45ef7153581a182 658484 asterisk-mysql_1.8.13.1~dfsg-1_amd64.deb dfb163bc73433b905741484b01d6fc8bcdfd65fa 645868 asterisk-mobile_1.8.13.1~dfsg-1_amd64.deb bb09d651b92a537bafaafe5d3f7deeb57b814299 30043348 asterisk-dbg_1.8.13.1~dfsg-1_amd64.deb Checksums-Sha256: 78cadeb3920ab0f91fe4bf3da07ce2cd2d7231512391ce4461b985dd75178036 2997 asterisk_1.8.13.1~dfsg-1.dsc 7f6c8f42660de1e588eb1e583b33636342741e89ba5e8205eccb5abf608fbea2 7454524 asterisk_1.8.13.1~dfsg.orig.tar.gz d00dd2bdc6fa2e67890baf7c108b312c36e2285f2e2a10377a291da407b872f3 352734 asterisk_1.8.13.1~dfsg-1.debian.tar.gz 139da75627dfa37a3307c6ef32e111b4e9952d4e02899f2544f8559acc1e2e36 1988602 asterisk-doc_1.8.13.1~dfsg-1_all.deb 07bb138bed324472e3b8144d5b082a8c1b8697766b4db3f68f58ce02f07c3a38 957660 asterisk-dev_1.8.13.1~dfsg-1_all.deb 40cd80f9d2edc47b32643a65e247c5ad109722cac0e29ae9aff2de86c1ce4358 1003256 asterisk-config_1.8.13.1~dfsg-1_all.deb 95f53e5d7013bb95e1783eb029370d2f6645f97a05117c183dc448fd52f2ef62 1770986 asterisk_1.8.13.1~dfsg-1_amd64.deb 4983397f46561796275de550dc1214a024944ca1d80a411516820590b12f462a 2831776 asterisk-modules_1.8.13.1~dfsg-1_amd64.deb 939fc52e2b84a8b7f6b1b4a3436915c9bdac0c2c10ac3edb104d3b796f5b47ab 922740 asterisk-dahdi_1.8.13.1~dfsg-1_amd64.deb a5be087ad315de08a35e4d0d43f1556e408a634f0664df54baa107f418913c45 692932 asterisk-voicemail_1.8.13.1~dfsg-1_amd64.deb 039bd330194f087de56c4d6c17e27510834934012b43bc8380aed47a93cd2859 710168 asterisk-voicemail-imapstorage_1.8.13.1~dfsg-1_amd64.deb 243bd8a693c708ed955264036d7098da5fac71aaad26000d008f5de8d78602c2 698998 asterisk-voicemail-odbcstorage_1.8.13.1~dfsg-1_amd64.deb d1a5931c02bde8048e3cd09476112c8407dc2afdbb9951fa481abcbbec90382b 1037196 asterisk-ooh323_1.8.13.1~dfsg-1_amd64.deb 8f4660e1beca7d6b93e7d68327f62e27c1aedcd1a8a20ff937aee0deb7c0eaa3 632382 asterisk-mp3_1.8.13.1~dfsg-1_amd64.deb 66aa5d5377df36f58168957c5140e0423838dbf9f295c31e1019286f12afcdd2 658484 asterisk-mysql_1.8.13.1~dfsg-1_amd64.deb ca1dcb6e91a5474719bc91320aa3d399e618f801de480cbad77d6f0f6ab35013 645868 asterisk-mobile_1.8.13.1~dfsg-1_amd64.deb 430db7925bdc492510b32f066ce13d26ee6c10a3a6c807745d064be814679d31 30043348 asterisk-dbg_1.8.13.1~dfsg-1_amd64.deb Files: 3180af743e39a108e539be0caf506b6d 2997 comm optional asterisk_1.8.13.1~dfsg-1.dsc 774a4eef40023976ef861eb5d182b9d4 7454524 comm optional asterisk_1.8.13.1~dfsg.orig.tar.gz 0b7539191241ed11bc9eee229585c9b8 352734 comm optional asterisk_1.8.13.1~dfsg-1.debian.tar.gz 4d28c8a6367bc8aafc48ee4823165219 1988602 doc extra asterisk-doc_1.8.13.1~dfsg-1_all.deb e84d97ff8741d1afa585261aacb5a8a8 957660 devel extra asterisk-dev_1.8.13.1~dfsg-1_all.deb 76d9f164b3d69a7d0008584322a90cef 1003256 comm optional asterisk-config_1.8.13.1~dfsg-1_all.deb 4d651200a8692d8debbe60512eabc2f5 1770986 comm optional asterisk_1.8.13.1~dfsg-1_amd64.deb ab26162cc4f8120c0818f22a7c42bf6d 2831776 libs optional asterisk-modules_1.8.13.1~dfsg-1_amd64.deb 846e7c0bf386edb1d99217df73e197b0 922740 comm optional asterisk-dahdi_1.8.13.1~dfsg-1_amd64.deb 88bd8573cc3509404f151d2be1d6c0d2 692932 comm optional asterisk-voicemail_1.8.13.1~dfsg-1_amd64.deb 778851a97bf2960efd5974e2a46baed3 710168 comm optional asterisk-voicemail-imapstorage_1.8.13.1~dfsg-1_amd64.deb fb1c68cd93d173970e3a33589019d189 698998 comm optional asterisk-voicemail-odbcstorage_1.8.13.1~dfsg-1_amd64.deb 1aa8dd6fbf99f0cf760f60719089ba7e 1037196 comm optional asterisk-ooh323_1.8.13.1~dfsg-1_amd64.deb 33302d585cb85f886e82df26ffba2bff 632382 comm optional asterisk-mp3_1.8.13.1~dfsg-1_amd64.deb 7aed4bf4bef7348eea1d8971c6d4646b 658484 comm optional asterisk-mysql_1.8.13.1~dfsg-1_amd64.deb d8094e2acdcc08b6e24e8a3f7784065d 645868 comm optional asterisk-mobile_1.8.13.1~dfsg-1_amd64.deb cb26cf777f3f003849f9b10c6231643e 30043348 debug extra asterisk-dbg_1.8.13.1~dfsg-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlBBeiwACgkQxArWdkN9MoshwACeK5h+ZcWUmJL2LyvexnjWZgZh tj0AoK0K10Y92vRKaCHQKdyQo3aP95W7 =TiQb -----END PGP SIGNATURE-----
--- End Message ---
