307281 – net-misc/asterisk-1.6.2.5 version bump request

Bug 307281 - net-misc/asterisk-1.6.2.5 version bump request

Summary: net-misc/asterisk-1.6.2.5 version bump request

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Tony Vroon (RETIRED)

URL:	http://downloads.asterisk.org/pub/tel...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-03-01 07:54 UTC by Thomas Stein
Modified:	2010-05-02 14:26 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Stein 2010-03-01 07:54:19 UTC

Hello.

Asterisk 1.6.2.5 has been released. It's just a minor release which fixes a security issue.

AST-2010-002: Invalid parsing of ACL rules can compromise security

cheers
t.


Reproducible: Always

Comment 1 Tony Vroon (RETIRED) gentoo-dev

2010-05-02 14:26:42 UTC

I do apologise, this bug got overlooked.
The ebuild you asked for was added:
*asterisk-1.6.2.5 (01 Mar 2010)
*asterisk-1.6.1.17 (01 Mar 2010)

  01 Mar 2010; <chainsaw@gentoo.org> -asterisk-1.6.1.16.ebuild,
  +asterisk-1.6.1.17.ebuild, -asterisk-1.6.2.4.ebuild,
  +asterisk-1.6.2.5.ebuild:
  Security update AST-2010-003 on the 1.6.1 & 1.6.2 branches. This addresses
  invalid parsing of ACL rules. Removed vulnerable ebuilds.

And then removed again because of a newer security vulnerability:
  06 Apr 2010; <chainsaw@gentoo.org> -asterisk-1.6.1.17.ebuild,
  -asterisk-1.6.2.5.ebuild:
  Removing vulnerable ebuilds for CVE-2010-1224 / AST-2010-003 (Remote host
  access control bypass) as requested by Stefan "Craig" Behte
  <craig@gentoo.org> in security bug #313341.