Summary: | net-misc/asterisk < 1.2.31.1 IAX2 provisioning traffic amplification (CVE-2008-3264) | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Rajiv Aaron Manglani (RETIRED) <rajiv> | ||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | minor | CC: | rentorbuy, voip+disabled | ||||||
Priority: | Low | ||||||||
Version: | unspecified | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
URL: | http://lists.digium.com/pipermail/asterisk-announce/2008-July/000160.html | ||||||||
Whiteboard: | B3 [glsa] | ||||||||
Package list: | Runtime testing required: | --- | |||||||
Bug Depends on: | 218966 | ||||||||
Bug Blocks: | |||||||||
Attachments: |
|
Description
Rajiv Aaron Manglani (RETIRED)
2008-07-22 23:26:32 UTC
fixed in voip overlay for version 1.4.20.2 Created attachment 161184 [details, diff]
net-misc/asterisk-1.2.30.ebuild diff
Created attachment 161186 [details, diff]
FILESDIR asterisk-1.2-ilbc.diff
also rename the bristuff file accordingly.
(In reply to comment #1) > fixed in voip overlay for version 1.4.20.2 > Is there any plans for pushing it in the main tree? otherwise, what about 1.2x series? +*asterisk-1.2.31.1 (11 Mar 2009) + + 11 Mar 2009; <chainsaw@gentoo.org> + +files/1.2.0/asterisk-1.2.31.1-bri-fixups.diff, + +files/1.2.0/asterisk-1.2.31.1-comma-is-not-pipe.diff, + +files/1.2.0/asterisk-1.2.31.1-svn89254.diff, +asterisk-1.2.31.1.ebuild: + Version bump, for security bugs #250748 and #254304. Took a 1.4 build fix + that is relevant to 1.2, Digium bug #11238. Wrote patch to fix up typo in + open call, a comma is not a pipe sign. Used EAPI 2 for USE-based + dependencies instead of calling die. Patch from Mounir Lamouri adding + -lspeexdsp closes bug #206463 filed by John Read. Stabling via bug 250748 GLSA 200905-01 |