Your message dated Tue, 03 Apr 2018 12:34:29 +0000
with message-id <e1f3l8v-0008z1...@fasolo.debian.org>
and subject line Bug#891228: fixed in asterisk 1:13.20.0~dfsg-1
has caused the Debian Bug report #891228,
regarding asterisk: CVE-2018-7286: AST-2018-005: Crash when large numbers of
TCP connections are closed suddenly
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
891228: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891228
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: asterisk
Version: 1:13.18.5~dfsg-1
Severity: grave
Tags: patch security upstream

Hi,

the following vulnerability was published for asterisk.

CVE-2018-7286[0]:
| An issue was discovered in Asterisk through 13.19.1, 14.x through
| 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through
| 13.18-cert2. res_pjsip allows remote authenticated users to crash
| Asterisk (segmentation fault) by sending a number of SIP INVITE
| messages on a TCP or TLS connection and then suddenly closing the
| connection.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-7286
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286
[1] http://downloads.asterisk.org/pub/security/AST-2018-005.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: asterisk
Source-Version: 1:13.20.0~dfsg-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 891...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernhard Schmidt <be...@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 03 Apr 2018 10:59:20 +0200
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb
 asterisk-voicemail asterisk-voicemail-imapstorage
 asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql
 asterisk-mobile asterisk-tests asterisk-doc asterisk-dev asterisk-config
Architecture: source
Version: 1:13.20.0~dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
Changed-By: Bernhard Schmidt <be...@debian.org>
Description:
 asterisk - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-tests - internal test modules of the Asterisk PBX
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
 asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Closes: 891227 891228
Changes:
 asterisk (1:13.20.0~dfsg-1) unstable; urgency=medium
 .
   * New upstream version 13.20.0 (Closes: #891227, #891228)
   * Reorganize upstream GPG keys
     - Split individual signing keys in separate files
     - Add new key for Ben Ford <bf...@digium.com>: 0x073B0C1FC9B2E352
     - Add new key for Joshua Colp <jc...@digium.com>:
       0xCDBEE4CC699E200EB4D46BB79E76E3A42341CE04
   * Fix missing/broken Closes: in previous changelog
   * Install realtime database schema into asterisk-doc
   * Point Vcs-* to salsa
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---