http://thread.gmane.org/gmane.comp.security.full-disclosure/68793

+------------------------------------------------------------------------+
| Description | An attacker can cause Asterisk to crash remotely by      |
|             | sending malformed RTP text frames. While the attacker    |
|             | can cause Asterisk to crash, he cannot execute arbitrary |
|             | remote code with this exploit.                           |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
|                           Affected Versions                            |
|------------------------------------------------------------------------|
|            Product            | Release Series |                       |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source          | 1.2.x          | Unaffected            |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source          | 1.4.x          | Unaffected            |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source          | 1.6.x          | All 1.6.1 versions    |
|-------------------------------+----------------+-----------------------|
| Asterisk Addons               | 1.2.x          | Unaffected            |
|-------------------------------+----------------+-----------------------|
| Asterisk Addons               | 1.4.x          | Unaffected            |
|-------------------------------+----------------+-----------------------|
| Asterisk Addons               | 1.6.x          | Unaffected            |
|-------------------------------+----------------+-----------------------|
| Asterisk Business Edition     | A.x.x          | Unaffected            |
|-------------------------------+----------------+-----------------------|
| Asterisk Business Edition     | B.x.x          | Unaffected            |
|-------------------------------+----------------+-----------------------|
| Asterisk Business Edition     | C.x.x          | Unaffected            |
|-------------------------------+----------------+-----------------------|
| AsteriskNOW                   | 1.5            | Unaffected            |
|-------------------------------+----------------+-----------------------|
| s800i (Asterisk Appliance)    | 1.2.x          | Unaffected            |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
|                              Corrected In                              |
|------------------------------------------------------------------------|
|                   Product                   |         Release          |
|---------------------------------------------+--------------------------|
| Open Source Asterisk 1.6.1                  | 1.6.1.2                  |
|---------------------------------------------+--------------------------|
+------------------------------------------------------------------------+
Since masked, changed to ~3 (Trivial).
Version bump is easy. The patches apply to 1.6.1.2 just fine. Just rename asterisk-1.6.1.1-resolve-peer-not-section-header.patch and the ebuild.
1.6.1.9 appeared in portage. Closing noglsa as there was never a stable 1.6.1.9.
1.6.x, of course.