Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 224835 (CVE-2008-2119) - net-misc/asterisk <1.2.31.1 SIP channel remote crash (CVE-2008-2119)
Summary: net-misc/asterisk <1.2.31.1 SIP channel remote crash (CVE-2008-2119)
Status: RESOLVED FIXED
Alias: CVE-2008-2119
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://lists.digium.com/pipermail/ast...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-06-04 05:25 UTC by Rajiv Aaron Manglani (RETIRED)
Modified: 2009-05-02 17:57 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Rajiv Aaron Manglani (RETIRED) gentoo-dev 2008-06-04 05:25:43 UTC
[asterisk-announce] Asterisk 1.2.29 Released
The Asterisk Development Team asteriskteam at digium.com
Tue Jun 3 15:05:17 CDT 2008

The asterisk.org development team has released Asterisk version 1.2.29.

This release contains a fix for a security issue that is documented in 
AST-2008-008.  The SIP channel driver in Asterisk 1.2 had a remote crash 
vulnerability when pedantic mode is enabled.  For more information on 
the vulnerability, see the advisory:

http://downloads.digium.com/pub/security/AST-2008-008.html

Thank you for your continued support of Asterisk!
Comment 1 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2008-06-05 04:55:58 UTC
fixing product/component.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-30 17:40:00 UTC
voip: *PING*
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-05 22:03:01 UTC
voip, the timeline for B3 is 20 days, please fix this!
Comment 4 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2009-03-12 03:35:08 UTC
+*asterisk-1.2.31.1 (11 Mar 2009)
+
+  11 Mar 2009; <chainsaw@gentoo.org>
+  +files/1.2.0/asterisk-1.2.31.1-bri-fixups.diff,
+  +files/1.2.0/asterisk-1.2.31.1-comma-is-not-pipe.diff,
+  +files/1.2.0/asterisk-1.2.31.1-svn89254.diff, +asterisk-1.2.31.1.ebuild:
+  Version bump, for security bugs #250748 and #254304. Took a 1.4 build fix
+  that is relevant to 1.2, Digium bug #11238. Wrote patch to fix up typo in
+  open call, a comma is not a pipe sign. Used EAPI 2 for USE-based
+  dependencies instead of calling die. Patch from Mounir Lamouri adding
+  -lspeexdsp closes bug #206463 filed by John Read.
Comment 5 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-03-12 15:35:27 UTC
Stabling via bug 250748
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2009-05-02 17:57:26 UTC
GLSA 200905-01