Your message dated Sun, 08 Oct 2017 12:02:51 +0000 with message-id <e1e1aif-000hgs...@fasolo.debian.org> and subject line Bug#876328: fixed in asterisk 1:11.13.1~dfsg-2+deb8u4 has caused the Debian Bug report #876328, regarding asterisk: CVE-2017-14603: RTP/RTCP information leak (AST-2017-008) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 876328: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876328 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: asterisk Version: 1:13.17.1~dfsg-1 Severity: grave Tags: patch security upstream Hi, the following vulnerability was published for asterisk. CVE-2017-14603[0]: followup-to AST-2017-005: RTP/RTCP information leak If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14603 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14603 [1] http://downloads.asterisk.org/pub/security/AST-2017-008.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: asterisk Source-Version: 1:11.13.1~dfsg-2+deb8u4 We believe that the bug you reported is fixed in the latest version of asterisk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 876...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernhard Schmidt <be...@debian.org> (supplier of updated asterisk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 23 Sep 2017 21:07:18 +0200 Source: asterisk Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config Architecture: source amd64 all Version: 1:11.13.1~dfsg-2+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org> Changed-By: Bernhard Schmidt <be...@debian.org> Description: asterisk - Open Source Private Branch Exchange (PBX) asterisk-config - Configuration files for Asterisk asterisk-dahdi - DAHDI devices support for the Asterisk PBX asterisk-dbg - Debugging symbols for Asterisk asterisk-dev - Development files for Asterisk asterisk-doc - Source code documentation for Asterisk asterisk-mobile - Bluetooth phone support for the Asterisk PBX asterisk-modules - loadable modules for the Asterisk PBX asterisk-mp3 - MP3 playback support for the Asterisk PBX asterisk-mysql - MySQL database protocol support for the Asterisk PBX asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c asterisk-voicemail - simple voicemail support for the Asterisk PBX asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX asterisk-vpb - VoiceTronix devices support for the Asterisk PBX Closes: 876328 Changes: asterisk (1:11.13.1~dfsg-2+deb8u4) jessie-security; urgency=high . * CVE-2017-14603 / AST-2017-008 This is a follow-up for AST-2017-005: RTP/RTCP information leak improving robustness of the security fix and fixing a regression with re-INVITEs (Closes: #876328) Checksums-Sha1: f7b53dc6d228b53434310ad18e01f1bf0358c44b 4050 asterisk_11.13.1~dfsg-2+deb8u4.dsc 4d883e90f48141c9975bf62764b8d14385e4982b 120088 asterisk_11.13.1~dfsg-2+deb8u4.debian.tar.xz bb28863222954ddbac903a747e7a606d688934bb 1666648 asterisk_11.13.1~dfsg-2+deb8u4_amd64.deb 1d42c8810cd55ddcecaf96d29b63f4b88e1d2ad5 2128016 asterisk-modules_11.13.1~dfsg-2+deb8u4_amd64.deb e0129c6f607c9b10a3c5c129ebc4ea7c312a7271 704006 asterisk-dahdi_11.13.1~dfsg-2+deb8u4_amd64.deb d40c6ed18fd4ca93fecad7dc9845b34ccc1ae781 508316 asterisk-vpb_11.13.1~dfsg-2+deb8u4_amd64.deb f93b6b4fffcc09062f6392d209dc35cbd58e345f 563946 asterisk-voicemail_11.13.1~dfsg-2+deb8u4_amd64.deb 504f11349882476129b66666bec9e2bfac1fbebb 579936 asterisk-voicemail-imapstorage_11.13.1~dfsg-2+deb8u4_amd64.deb a9c33dc1f07c95da4771b6c2e6db56aeacb544c1 570120 asterisk-voicemail-odbcstorage_11.13.1~dfsg-2+deb8u4_amd64.deb 3856d10c4d2b8e6ee4a21788f9183b8385d97b48 819050 asterisk-ooh323_11.13.1~dfsg-2+deb8u4_amd64.deb e2472f5921a897eb2fd3a1f7018ddc495bb826c4 504036 asterisk-mp3_11.13.1~dfsg-2+deb8u4_amd64.deb f34901142c6b6116a8cba400c3450f69dc159c3d 521994 asterisk-mysql_11.13.1~dfsg-2+deb8u4_amd64.deb 87c603843979679fee3cfa3644fe6aaddd8957ed 514234 asterisk-mobile_11.13.1~dfsg-2+deb8u4_amd64.deb 0d58971a687cca539e0dc5ec2e50d1f2a7fbcc05 2358928 asterisk-doc_11.13.1~dfsg-2+deb8u4_all.deb 495d21d485e93a6dd0eff6f38256d5124e2ed3a9 791804 asterisk-dev_11.13.1~dfsg-2+deb8u4_all.deb e7b5c55b1923c945735b92b2784f9b3e67a22e9e 6460946 asterisk-dbg_11.13.1~dfsg-2+deb8u4_amd64.deb b7164be06b9a0a5bda11914ec177ed3a58f1e961 837726 asterisk-config_11.13.1~dfsg-2+deb8u4_all.deb Checksums-Sha256: 81c67ede60f9c8b7002fb91dee5320a7b5220a1e5f32a8328c038bbb9b7976c0 4050 asterisk_11.13.1~dfsg-2+deb8u4.dsc ccd0454f4f25676ffb1aa92c9b2adee71557cbb3e8883ec1a1cb85b8bea8e1d0 120088 asterisk_11.13.1~dfsg-2+deb8u4.debian.tar.xz 33475090e5a0cf5d46678a73fb28e167a9d2570ab12e108e2bde2545613132bd 1666648 asterisk_11.13.1~dfsg-2+deb8u4_amd64.deb 5996f5445f48ba8cfa4d98dfb8f3c0aebeb91a4cb50df8aabbf9e4c84ac8384b 2128016 asterisk-modules_11.13.1~dfsg-2+deb8u4_amd64.deb 271c07bbe6d67013624d023e9236a367944a70092e408327f9932169c8fa1d71 704006 asterisk-dahdi_11.13.1~dfsg-2+deb8u4_amd64.deb e773ce19f188fa47d3e121634ffc39b232e81ca235d4fbdd5382310915bc0a20 508316 asterisk-vpb_11.13.1~dfsg-2+deb8u4_amd64.deb eee3b85368bb294e485c9be3c44ebcd56de81a84cfd1a8b292a645bed0d1b9c2 563946 asterisk-voicemail_11.13.1~dfsg-2+deb8u4_amd64.deb a4d638c95e5cdae8e0238c06e9423cbe1ceb9c9700429a8fb92dfc18a98eab84 579936 asterisk-voicemail-imapstorage_11.13.1~dfsg-2+deb8u4_amd64.deb 7ee7cec24a77de4025e7819a4030b293a1c46631900d078294b0cde9044537b7 570120 asterisk-voicemail-odbcstorage_11.13.1~dfsg-2+deb8u4_amd64.deb bf24333674a904eb3a7af775e074522db3630970c23d89bf7fcf88d41406dc96 819050 asterisk-ooh323_11.13.1~dfsg-2+deb8u4_amd64.deb 245322c8d08bcbc913bb18f0f458af2b15f8c6ba033a539b2b12b45e0273bb39 504036 asterisk-mp3_11.13.1~dfsg-2+deb8u4_amd64.deb b5d17429f9a37c6e56995bc1814734907c895da6c38c1314ab16a95e92d6330a 521994 asterisk-mysql_11.13.1~dfsg-2+deb8u4_amd64.deb b6071b9c9c2e6b00f9fd8e38f85980e965dd5fa7a87b3d6e42c4007ccc43b841 514234 asterisk-mobile_11.13.1~dfsg-2+deb8u4_amd64.deb 7b9744782840e46a66a432f51659939ddf7360c41afc9d27614de3486b2810a0 2358928 asterisk-doc_11.13.1~dfsg-2+deb8u4_all.deb fcde60e44a9d7a592d8afe6e2fb2469ee1f45640161aa2e3c007826468bc899f 791804 asterisk-dev_11.13.1~dfsg-2+deb8u4_all.deb 3a1c87e0306035bdd723fe787b265e91af4d9cf4a9b0257d639b34ac3f31c2aa 6460946 asterisk-dbg_11.13.1~dfsg-2+deb8u4_amd64.deb 496884afaa956263626efafe38e5ed67a9ce1ac83416262cbd0cb0a88d75d62d 837726 asterisk-config_11.13.1~dfsg-2+deb8u4_all.deb Files: 669c03469e3a558ae31ed3157a5fefb2 4050 comm optional asterisk_11.13.1~dfsg-2+deb8u4.dsc 4aa3e35061931f23f00240285d8916b2 120088 comm optional asterisk_11.13.1~dfsg-2+deb8u4.debian.tar.xz 2bf2d7f92813f10abb7d1d2492ee7e21 1666648 comm optional asterisk_11.13.1~dfsg-2+deb8u4_amd64.deb ebe698595cc2d100a9a2d63a9d845575 2128016 libs optional asterisk-modules_11.13.1~dfsg-2+deb8u4_amd64.deb ad3e564e65ae48a9d2eb3e006e8125db 704006 comm optional asterisk-dahdi_11.13.1~dfsg-2+deb8u4_amd64.deb 789db7a79ef187301881aff0af6e7ae2 508316 comm optional asterisk-vpb_11.13.1~dfsg-2+deb8u4_amd64.deb c8f8c814df247b7deda92ec6f3e6dfa9 563946 comm optional asterisk-voicemail_11.13.1~dfsg-2+deb8u4_amd64.deb 37c6c246b85d0ec6a8199516c68d6455 579936 comm optional asterisk-voicemail-imapstorage_11.13.1~dfsg-2+deb8u4_amd64.deb 80f55be03c600224c7a4830e57cc83e9 570120 comm optional asterisk-voicemail-odbcstorage_11.13.1~dfsg-2+deb8u4_amd64.deb 3aabc55dc08904f0a4fb8406d3779fc1 819050 comm optional asterisk-ooh323_11.13.1~dfsg-2+deb8u4_amd64.deb d3dc7d642dd6f482ef26c7f03dbd3cad 504036 comm optional asterisk-mp3_11.13.1~dfsg-2+deb8u4_amd64.deb 40f3019f8139b1db5f91e858e63ae868 521994 comm optional asterisk-mysql_11.13.1~dfsg-2+deb8u4_amd64.deb f726b5a5fbe3d6e3939a5f7beb2cce5a 514234 comm optional asterisk-mobile_11.13.1~dfsg-2+deb8u4_amd64.deb 6b2819468e69d925370e1efd842d0551 2358928 doc extra asterisk-doc_11.13.1~dfsg-2+deb8u4_all.deb db877370e3242fd48dca34a639ea2fd6 791804 devel extra asterisk-dev_11.13.1~dfsg-2+deb8u4_all.deb 98379e8068ce8adffc920231456307ff 6460946 debug extra asterisk-dbg_11.13.1~dfsg-2+deb8u4_amd64.deb 282e1c21b215a0e3a0212bc05763c3fd 837726 comm optional asterisk-config_11.13.1~dfsg-2+deb8u4_all.deb -----BEGIN PGP SIGNATURE----- iQJFBAEBCAAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAlnSp0cRHGJlcm5pQGRl Ymlhbi5vcmcACgkQd1B55bhQvJOQgw/+MxJqB8pscoktNSrrpLRg3b1/KvBp1DqY B6LWplTlJUPRcJsD6LQWL/WXD1pSkMazZTrt5I3Lh+xtJhK3PaQyjJzHtxQ8vIA2 LOeXpciG301W3GNnNc2/c8+IQ3vo3TqWj8AGLh96sr5PrW+HH18O5Gi2TAaKvg2k 942RRhYaI3jNC2lUt2Ph0VGC+Zi2eWJDdZtYDr4aYIC2gaIlsT056G8CiUQCsOTw a4j/5MfPYvgGpOBg7HgxJZTQsSzVFPAMsiE6BJXA2nHUQyoOGYtSsEbKs+3hkgUr 861cBc8LLgy2y4CaMjoBERw6RGwtmY+O8e1GlNdnGWkZEosjHym4aNUWYLki8AX3 NirbR+DHcnjAQ12HbP9R2upNStuj8Stv4/OKB/dE2JqxDZziGXsF+UrLGgojWK5w g1rmu6r7n8YB6Kt7iz2+ChgfD9zZdcz/hj9z0NvrBDI2l9k92I6tUlkVvuGycfw/ eX7/0Xfs8EDiNE7TsJ/BWB1aorRQ/6m8sunoAqE1nFpHfME1lEaUXtCB93JfFXxC fHQxoEsQTcszpky9DzAXjSDNxuudT+D09chFg8ug5k2mBqRBKPfsSqubOZ0gF9Mv IHzT9XAaMNtl44a3jYxt+Jrz+DLGLPBgNiZ+cnHsVIjLKBBDdHjVqDtoIaiN84FO cg6oGxiFjhQ= =Rq9d -----END PGP SIGNATURE-----
--- End Message ---
