Your message dated Fri, 28 Oct 2016 20:11:19 +0000 with message-id <e1c0dul-0000y2...@franck.debian.org> and subject line Bug#838832: fixed in asterisk 1:11.13.1~dfsg-2+deb8u1 has caused the Debian Bug report #838832, regarding asterisk: chan_sip: File descriptors leak (UDP sockets) / AST-2016-007, CVE-2016-7551 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 838832: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: asterisk Version: 1:11.13.1~dfsg-2 Severity: grave Tags: security upstream Forwarded: https://issues.asterisk.org/jira/browse/ASTERISK-26272 Hi See http://downloads.asterisk.org/pub/security/AST-2016-007.html and https://issues.asterisk.org/jira/browse/ASTERISK-26272 for patches. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: asterisk Source-Version: 1:11.13.1~dfsg-2+deb8u1 We believe that the bug you reported is fixed in the latest version of asterisk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 838...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernhard Schmidt <be...@debian.org> (supplier of updated asterisk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 23 Oct 2016 21:28:38 +0200 Source: asterisk Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config Architecture: source amd64 all Version: 1:11.13.1~dfsg-2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org> Changed-By: Bernhard Schmidt <be...@debian.org> Description: asterisk - Open Source Private Branch Exchange (PBX) asterisk-config - Configuration files for Asterisk asterisk-dahdi - DAHDI devices support for the Asterisk PBX asterisk-dbg - Debugging symbols for Asterisk asterisk-dev - Development files for Asterisk asterisk-doc - Source code documentation for Asterisk asterisk-mobile - Bluetooth phone support for the Asterisk PBX asterisk-modules - loadable modules for the Asterisk PBX asterisk-mp3 - MP3 playback support for the Asterisk PBX asterisk-mysql - MySQL database protocol support for the Asterisk PBX asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c asterisk-voicemail - simple voicemail support for the Asterisk PBX asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX asterisk-vpb - VoiceTronix devices support for the Asterisk PBX Closes: 776080 782411 838832 Changes: asterisk (1:11.13.1~dfsg-2+deb8u1) jessie-security; urgency=high . [ Tzafrir Cohen ] * Add a placeholder conf in manager.c (Closes: #776080) . [ Bernhard Schmidt ] * AST-2016-007: Fix RTP Resource Exhaustion (CVE-2016-7551) (Closes: #838832) * AST-2015-003: Fix TLS Certificate Common name NULL byte exploit (CVE-2015-3008) (Closes: #782411) * AST-2016-003: Fix crash in UDPTL (CVE-2016-2232) * AST-2016-002: File descriptor exhaustion in chan_sip (CVE-2016-2316) * AST-2016-001: BEAST vulnerability in HTTP server (CVE-2011-3389) Checksums-Sha1: a3edfdf586bb1bd0353e0e6bf164a5261834dd51 4017 asterisk_11.13.1~dfsg-2+deb8u1.dsc b92cbc689bcdac2741e0b454659f9ee814db75c0 8272825 asterisk_11.13.1~dfsg.orig.tar.gz 63485aef2569e29ce25a08341c731540a28cf160 108084 asterisk_11.13.1~dfsg-2+deb8u1.debian.tar.xz 37e17b49861843c59659ef6e103db1165bf87fcc 1665542 asterisk_11.13.1~dfsg-2+deb8u1_amd64.deb 651439f251c2a3851486b5289f53403531a985a4 2128540 asterisk-modules_11.13.1~dfsg-2+deb8u1_amd64.deb 57bdbce07d148fc15d14b6bc905993f4ecef2133 704202 asterisk-dahdi_11.13.1~dfsg-2+deb8u1_amd64.deb d683ff57b1e0d3e9ffca72a3abbcfd43c1a410a2 508160 asterisk-vpb_11.13.1~dfsg-2+deb8u1_amd64.deb 6d37452938470b78089257baaf98fa5c136e5ef3 563622 asterisk-voicemail_11.13.1~dfsg-2+deb8u1_amd64.deb 19991894549d2085ea30fbaac7c3f26c14edf60a 579882 asterisk-voicemail-imapstorage_11.13.1~dfsg-2+deb8u1_amd64.deb 4915cc43d99f5bd5196e7738bdf9cd10f5531cee 569998 asterisk-voicemail-odbcstorage_11.13.1~dfsg-2+deb8u1_amd64.deb b690a01e1fd9a84d52e53c6ea52a0fb78a3bfb86 818928 asterisk-ooh323_11.13.1~dfsg-2+deb8u1_amd64.deb 3bb357ac3d9a40edf6d4b595fcef3448794d50d0 503898 asterisk-mp3_11.13.1~dfsg-2+deb8u1_amd64.deb 26af6acc46ce73f90044c37946e9bf074b00e6a0 521930 asterisk-mysql_11.13.1~dfsg-2+deb8u1_amd64.deb feb8924703f2ca5f5cab47b771508073d82f2e19 514160 asterisk-mobile_11.13.1~dfsg-2+deb8u1_amd64.deb 33bf5cb1c7e3709bf4d039eb3c0c6244a7bb765d 2358304 asterisk-doc_11.13.1~dfsg-2+deb8u1_all.deb 90f93f27e0fdce0e5df42ba82ce5666d64e9d7ce 791856 asterisk-dev_11.13.1~dfsg-2+deb8u1_all.deb ad83825f911a09ee602456c89865ea3725e4ecd4 6449070 asterisk-dbg_11.13.1~dfsg-2+deb8u1_amd64.deb 3f66279e2cca7ef83f4de18fd2ca7268a4546f45 840644 asterisk-config_11.13.1~dfsg-2+deb8u1_all.deb Checksums-Sha256: 50a4296b33a790a5d27618d43ecf894fa1be8fefcd479559000c6f9bac737eed 4017 asterisk_11.13.1~dfsg-2+deb8u1.dsc 1dc9c544f10f1e54bb5264d0a64d7d0648d4ebf1200d7c494bd8beddbb8d30ef 8272825 asterisk_11.13.1~dfsg.orig.tar.gz 9a11395b0bc8a87b0d973404512933a9aca1194f11d75fca68daf47b33a7f783 108084 asterisk_11.13.1~dfsg-2+deb8u1.debian.tar.xz 716a8d388dcc2c936f469fcb54dcf2c6dfb0ab4a77ca281b2031c763ae420181 1665542 asterisk_11.13.1~dfsg-2+deb8u1_amd64.deb f3630361f74a6016e9e5f634ff1e5b34bb624300129b7bc20cf8b94f48b480e9 2128540 asterisk-modules_11.13.1~dfsg-2+deb8u1_amd64.deb 8a07ceaaf9ae452b694abd5308178ec37cedb30c22a87faab605993e78f4b2e4 704202 asterisk-dahdi_11.13.1~dfsg-2+deb8u1_amd64.deb 0e567111411fe930147e88191d0119c79ed4ea6c41f15723d158ea4b073d8eca 508160 asterisk-vpb_11.13.1~dfsg-2+deb8u1_amd64.deb c783095361b97852428967de5ba6d112132e482d6996924067b71883e645cf8a 563622 asterisk-voicemail_11.13.1~dfsg-2+deb8u1_amd64.deb e8a41d0913454324691c2bd103bf46b1935053b50e22f3c5f3c2a6f1c2d3a422 579882 asterisk-voicemail-imapstorage_11.13.1~dfsg-2+deb8u1_amd64.deb 81794d3299253d87e1f65c514ad6a9122aea10156078e6f2d6781fec370bc1b8 569998 asterisk-voicemail-odbcstorage_11.13.1~dfsg-2+deb8u1_amd64.deb 5a82ff33cafdc2a6fe82c4209bd0615fc93a5fad02371ad89f75f1a84e680ec9 818928 asterisk-ooh323_11.13.1~dfsg-2+deb8u1_amd64.deb fe4996d5a0e8278146af3237cccc48e9dc782ff6eb5b859aff386648eb7659fa 503898 asterisk-mp3_11.13.1~dfsg-2+deb8u1_amd64.deb 31ac3f5a48c9740df3fde32d50f5802591baf5e8e54c6d1bf4c806e82e6403b0 521930 asterisk-mysql_11.13.1~dfsg-2+deb8u1_amd64.deb 23f7d9bdcf7693ad0584aa836c9453469305ca2e2c1a4438fec1e939e624cdd1 514160 asterisk-mobile_11.13.1~dfsg-2+deb8u1_amd64.deb 466a98c59e631948468c56872e47cd818de04849850132a73f55c696a4bbf08d 2358304 asterisk-doc_11.13.1~dfsg-2+deb8u1_all.deb b4fbd7a870eb950472498578e464ed07bcbaa2b97b83f7fc41580e2be1fa3a0c 791856 asterisk-dev_11.13.1~dfsg-2+deb8u1_all.deb 4b2d93e685da0da99290d2c141fbcf9ef742f5d572da741b61cb4e7baa66a60b 6449070 asterisk-dbg_11.13.1~dfsg-2+deb8u1_amd64.deb 09007062d6fa7a48dba0affd44ecf6c229d1052c10ecb74d2dd363cf528858da 840644 asterisk-config_11.13.1~dfsg-2+deb8u1_all.deb Files: 3e354b6ff956fda290d5b63c223c3b58 4017 comm optional asterisk_11.13.1~dfsg-2+deb8u1.dsc 8bb1f117c65b7ef28ec466ae4015a0ea 8272825 comm optional asterisk_11.13.1~dfsg.orig.tar.gz 36a5d411a61cb4e5e82da45a4bca17f8 108084 comm optional asterisk_11.13.1~dfsg-2+deb8u1.debian.tar.xz 3ece1b9484d4a54dfb47bf46186854d7 1665542 comm optional asterisk_11.13.1~dfsg-2+deb8u1_amd64.deb 5159fc306b949ed263ea5c357e8243d3 2128540 libs optional asterisk-modules_11.13.1~dfsg-2+deb8u1_amd64.deb 17c7b3d1f7cd1275e271fc5eed0c6fb2 704202 comm optional asterisk-dahdi_11.13.1~dfsg-2+deb8u1_amd64.deb 2450e6330a528415bf5d8d58436e50ee 508160 comm optional asterisk-vpb_11.13.1~dfsg-2+deb8u1_amd64.deb dabb1ebbae108c05e100c8f728bc0f74 563622 comm optional asterisk-voicemail_11.13.1~dfsg-2+deb8u1_amd64.deb 7e44854404f80ee8c07754481ab7902c 579882 comm optional asterisk-voicemail-imapstorage_11.13.1~dfsg-2+deb8u1_amd64.deb 89c2127d001916e0485650fb00d45897 569998 comm optional asterisk-voicemail-odbcstorage_11.13.1~dfsg-2+deb8u1_amd64.deb 79c532ec15cab04c033b4c06d454d5f1 818928 comm optional asterisk-ooh323_11.13.1~dfsg-2+deb8u1_amd64.deb b7893a39c27514d474ee716485f55ee5 503898 comm optional asterisk-mp3_11.13.1~dfsg-2+deb8u1_amd64.deb 02c17f039083d361c9fe641678ab21f4 521930 comm optional asterisk-mysql_11.13.1~dfsg-2+deb8u1_amd64.deb a6b9d6df4553435a7f115fa9e48f116d 514160 comm optional asterisk-mobile_11.13.1~dfsg-2+deb8u1_amd64.deb b05b32b0179f678cf25295691e278bc4 2358304 doc extra asterisk-doc_11.13.1~dfsg-2+deb8u1_all.deb 8f6ded2f817190ab10ff2d7e877352aa 791856 devel extra asterisk-dev_11.13.1~dfsg-2+deb8u1_all.deb 976262e7ff78003056de4d15c246794a 6449070 debug extra asterisk-dbg_11.13.1~dfsg-2+deb8u1_amd64.deb db0171136042267e502c38670db61706 840644 comm optional asterisk-config_11.13.1~dfsg-2+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- iQIuBAEBCAAYBQJYDmRJERxiZXJuaUBkZWJpYW4ub3JnAAoJEHdQeeW4ULyTFX8P /2lrw3X5Pw0Dkickexujd2X3Li8GXqlkxqK76NsvhfCb79dXo61rMZeoNhSysfvO RuUu5P/WX5ZC9AtgOhuZFGnQ1IoIZ6Aa8r2ql8xK7PxyONcG07miD3rG1uzUOo2U RRK4/uVenA8q9jzpMqJYaVriFnMvMD5TgwmusfZr7/h25uyZjx0I1BQaqI/0lTrd miH/JVFsrfPoCXoS+6G1e8064YKjoMIh31BbVlYNsLWv20d/tXuaR03szWPM0d1i FP6GsTeFUPoJrO3pQVjP+WJXbcEf6O1TBeShY4MukR1QqSTG4V8c1/984gNkUMDz OcJvbzrNQIXfwRoqUYtevk34NVGe325yFFDMFkl2lye2k5BUZTKkPVlLgUcDCg3o lKqMsq2vMg33FPMH97GVP8YKTOQaBeIL3V6FBWqsXu7u+sVfCSGXXHmAKBDQbZOC j/7U+WdO6pLzznKRQL29MybOZ1/n+Yu6/w0dxJ0BQeK+etBUbZyc4t3UDmYmrV80 l2MxjL95FNpN3qpNtI4KkzHFgulk57x/ho5UgYQjsjJfQlekpVUyUNUeVbjght8N 4Pqb3eweZB9jvMobrvWOoMap/kO9dMnxQEgwqvlgbd/YCRGbA8IAxD9gUJi+MRqW +fKkEZvWmBZBqHaj8D3q+vw4yvSrmMzgBVvkahM1vXIs =jMZ3 -----END PGP SIGNATURE-----
--- End Message ---
