
Bug 307281

Summary: net-misc/asterisk-1.6.2.5 version bump request
Product: Gentoo Linux
Reporter: Thomas Stein <himbeere>
Component: Current packages
Assignee: Tony Vroon (RETIRED) <chainsaw>
Status: RESOLVED FIXED
Severity: normal
CC: voip+disabled
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.5
Whiteboard:
Package list:
Runtime testing required: ---

Description Thomas Stein 2010-03-01 07:54:19 UTC
Hello.

Asterisk 1.6.2.5 has been released. It's just a minor release which fixes a security issue.

AST-2010-002: Invalid parsing of ACL rules can compromise security

cheers
t.


Reproducible: Always

Comment 1 Tony Vroon (RETIRED) gentoo-dev 2010-05-02 14:26:42 UTC
I do apologise, this bug got overlooked.
The ebuild you asked for was added:
*asterisk-1.6.2.5 (01 Mar 2010)
*asterisk-1.6.1.17 (01 Mar 2010)

  01 Mar 2010; <chainsaw@gentoo.org> -asterisk-1.6.1.16.ebuild,
  +asterisk-1.6.1.17.ebuild, -asterisk-1.6.2.4.ebuild,
  +asterisk-1.6.2.5.ebuild:
  Security update AST-2010-003 on the 1.6.1 & 1.6.2 branches. This addresses
  invalid parsing of ACL rules. Removed vulnerable ebuilds.

And then removed again because of a newer security vulnerability:
  06 Apr 2010; <chainsaw@gentoo.org> -asterisk-1.6.1.17.ebuild,
  -asterisk-1.6.2.5.ebuild:
  Removing vulnerable ebuilds for CVE-2010-1224 / AST-2010-003 (Remote host
  access control bypass) as requested by Stefan "Craig" Behte
  <craig@gentoo.org> in security bug #313341.