Summary: | <net-misc/asterisk-1.2.31.1 IAX 'POKE' resource exhaustion (CVE-2008-3263) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Rajiv Aaron Manglani (RETIRED) <rajiv>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | minor | CC: | voip+disabled
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://lists.digium.com/pipermail/asterisk-announce/2008-July/000159.html | |
Whiteboard: | B3 [glsa] | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | 249573 | |
Bug Blocks: | | |

Description
Rajiv Aaron Manglani (RETIRED)
2008-07-22 23:29:37 UTC
fixed in voip overlay for version 1.4.20.2

Already stable in tree. Please vote!

Thanks for having bumped it. Voting noglsa because it's not so hard to exhaust Asterisk resources (like every VoIP software) even without any vulnerability.

hmm, it says it's fixed *in the VoIP overlay*, and I don't see any sign of asterisk 1.2.30 in the main tree... So back to [ebuild].

Sorry, I misread the version. Adjusting severity.

+*asterisk-1.2.31.1 (11 Mar 2009) + + 11 Mar 2009; <chainsaw@gentoo.org> + +files/1.2.0/asterisk-1.2.31.1-bri-fixups.diff, + +files/1.2.0/asterisk-1.2.31.1-comma-is-not-pipe.diff, + +files/1.2.0/asterisk-1.2.31.1-svn89254.diff, +asterisk-1.2.31.1.ebuild: + Version bump, for security bugs #250748 and #254304. Took a 1.4 build fix + that is relevant to 1.2, Digium bug #11238. Wrote patch to fix up typo in + open call, a comma is not a pipe sign. Used EAPI 2 for USE-based + dependencies instead of calling die. Patch from Mounir Lamouri adding + -lspeexdsp closes bug #206463 filed by John Read.

Stabling via bug 250748

GLSA 200905-01
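
Review bot: The ChangeLog entry cites security bugs #250748 and #254304 but names no CVE, so a reader cannot tell from the entry alone which vulnerabilities the bump to 1.2.31.1 closes; add the CVE identifiers next to the bug numbers. The same entry also folds in a build fix, the open-call typo patch, the EAPI 2 switch and the -lspeexdsp change, which would be easier to audit if listed separately from the security bump.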