Your message dated Sat, 07 Oct 2017 11:47:08 +0000 with message-id <e1e0nzu-0004oc...@fasolo.debian.org> and subject line Bug#876328: fixed in asterisk 1:13.14.1~dfsg-2+deb9u2 has caused the Debian Bug report #876328, regarding asterisk: CVE-2017-14603: RTP/RTCP information leak (AST-2017-008) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 876328: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876328 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: asterisk Version: 1:13.17.1~dfsg-1 Severity: grave Tags: patch security upstream Hi, the following vulnerability was published for asterisk. CVE-2017-14603[0]: followup-to AST-2017-005: RTP/RTCP information leak If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14603 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14603 [1] http://downloads.asterisk.org/pub/security/AST-2017-008.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: asterisk Source-Version: 1:13.14.1~dfsg-2+deb9u2 We believe that the bug you reported is fixed in the latest version of asterisk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 876...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernhard Schmidt <be...@debian.org> (supplier of updated asterisk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 23 Sep 2017 21:26:19 +0200 Source: asterisk Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-config Architecture: source Version: 1:13.14.1~dfsg-2+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org> Changed-By: Bernhard Schmidt <be...@debian.org> Description: asterisk - Open Source Private Branch Exchange (PBX) asterisk-config - Configuration files for Asterisk asterisk-dahdi - DAHDI devices support for the Asterisk PBX asterisk-dev - Development files for Asterisk asterisk-doc - Source code documentation for Asterisk asterisk-mobile - Bluetooth phone support for the Asterisk PBX asterisk-modules - loadable modules for the Asterisk PBX asterisk-mp3 - MP3 playback support for the Asterisk PBX asterisk-mysql - MySQL database protocol support for the Asterisk PBX asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c asterisk-voicemail - simple voicemail support for the Asterisk PBX asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX asterisk-vpb - VoiceTronix devices support for the Asterisk PBX Closes: 875450 876328 Changes: asterisk (1:13.14.1~dfsg-2+deb9u2) stretch-security; urgency=high . * CVE-2017-14603 / AST-2017-008 This is a follow-up for AST-2017-005: RTP/RTCP information leak improving robustness of the security fix and fixing a regression with re-INVITEs (Closes: #876328) * Fix one-way audio with chan_sip when transcoding (Closes: #875450) Checksums-Sha1: 2977c66a23be109bc4fbe53e5b85fc46638f63d5 4133 asterisk_13.14.1~dfsg-2+deb9u2.dsc 3970e2be900e02197c18a09a4e2b3590de5c9a5e 142904 asterisk_13.14.1~dfsg-2+deb9u2.debian.tar.xz 35a01eb8ebbe0158edae6e99bdb8af87e6437aa1 26743 asterisk_13.14.1~dfsg-2+deb9u2_amd64.buildinfo Checksums-Sha256: 2e507bdb0d01d9f6d4995aca883f93397c2109a0640e8e74d46fe510c7f0d091 4133 asterisk_13.14.1~dfsg-2+deb9u2.dsc fab80768a606e74b95c4ff4023b9374aebf3558f266c7df46627baacc68e51d3 142904 asterisk_13.14.1~dfsg-2+deb9u2.debian.tar.xz 4a62a738b59acf852d56826a1595963800cc01fe70ddad0656a41bca81ee1929 26743 asterisk_13.14.1~dfsg-2+deb9u2_amd64.buildinfo Files: 94f072e4715994f227382b8d5ad82ddd 4133 comm optional asterisk_13.14.1~dfsg-2+deb9u2.dsc 929b8e75c065f52baa01cb276fb37e20 142904 comm optional asterisk_13.14.1~dfsg-2+deb9u2.debian.tar.xz bc9dd19d916349e00b39c28b8530212a 26743 comm optional asterisk_13.14.1~dfsg-2+deb9u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCAAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAlnSoNQRHGJlcm5pQGRl Ymlhbi5vcmcACgkQd1B55bhQvJOO4w/8Cy+eEEc/lXwoBQScIeIykwdueW2aknKY XUTFT3Vx6fHnrypASQKENzl/cyvQvydhTn6cpMmK6o19cyWqQVaH0jKiHH9NHFun 2j8aPRDAG5kkowsDED0VqHpM9Ynj2s36ySnyGihjeGvd+M5ceNjk7lwjtWYQK41u /gZHU3bSVfEUQSPi/JFIlqO50/qnEAcUoLpOlZ/K+KSALnYev88IytqvBm7JtUnR 2pUPHpzFeF6RoAWVOE0F9Iqh3FDWv9HaLY+MX+OznJDeDiZHueJrwvwwcUj4c1XH MFEDp7Pl6FcBuHSFaP7ykrv/zcwNSnnvzOf+998RWaBTKxJM/LCVJigKatATRIH6 RAN+iuFAzWPlPSQnVQRNxWo3K/kIIDUwNqvrFeDclGwJ8bkgL/vDAwVi5Y5GKdwz Uq5J+btRFEvGNxtrrcXCG4raxlUjuj8YCHpOEFkGUoJm5pCvfPyctGPqgIMqp8Fy Fr4qAus2R9eMCbRJ04ONcSQNbSCSm/ofxmIufGy2zR80T/t7k0lQk+Zn30QFIurc HXgWFlfZIG5yDZ1Kw+c/PpqskgaZOKwC4atZMBVgxwtGnCxGFrvpXNsZ53x8/EVF /ThhlfeAZS4hlHile2QWKgnYi64f8xq3j8FBLDYM2XnhqpUV/NJ0XfgaEJbw84Iy oSLyoB0W7gw= =OEn7 -----END PGP SIGNATURE-----
--- End Message ---
