Summary: | <net-misc/asterisk-1.2.31.1 IAX2 vulnerability (CVE-2008-1897) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Rajiv Aaron Manglani (RETIRED) <rajiv> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | anton.bugs, voip+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://downloads.digium.com/pub/security/AST-2008-006.html | ||
Whiteboard: | B3? [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 249573 | ||
Bug Blocks: | 232696 |
Description
Rajiv Aaron Manglani (RETIRED)
2008-04-22 23:16:30 UTC
fixed in voip overlay for versions 1.4.19.1 and 1.6.0-beta8. CVE-2008-1923 was assigned to the original "NEW" issue in June 2007. (In reply to comment #2) > CVE-2008-1923 was assigned to the original "NEW" issue in June 2007. This was released with 1.2.20. voip, any news here? This is only first security bug report from 7 others opened. Somebody has either mask asterisk stable packages in the portage or fix them all. The way how it is now doesn't make sense for me. +*asterisk-1.2.31.1 (11 Mar 2009) + + 11 Mar 2009; <chainsaw@gentoo.org> + +files/1.2.0/asterisk-1.2.31.1-bri-fixups.diff, + +files/1.2.0/asterisk-1.2.31.1-comma-is-not-pipe.diff, + +files/1.2.0/asterisk-1.2.31.1-svn89254.diff, +asterisk-1.2.31.1.ebuild: + Version bump, for security bugs #250748 and #254304. Took a 1.4 build fix + that is relevant to 1.2, Digium bug #11238. Wrote patch to fix up typo in + open call, a comma is not a pipe sign. Used EAPI 2 for USE-based + dependencies instead of calling die. Patch from Mounir Lamouri adding + -lspeexdsp closes bug #206463 filed by John Read. Stabling via bug 250748 GLSA 200905-01 |