Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 526208 - <net-misc/asterisk-11.13.1: Susceptibility to POODLE Vulnerability (CVE-2014-3566)
Summary: <net-misc/asterisk-11.13.1: Susceptibility to POODLE Vulnerability (CVE-2014-...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://downloads.asterisk.org/pub/sec...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-21 10:04 UTC by Agostino Sarubbo
Modified: 2014-11-23 18:20 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-10-21 10:04:27 UTC
See ${URL} for details.



@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Comment 1 Tony Vroon gentoo-dev 2014-10-21 10:16:04 UTC
Arches, please test and mark stable:
=net-misc/asterisk-11.13.1

Target stable keywords:
amd64 x86

The recommended test procedure, requiring USE=samples, is to try to start & stop the daemon three times in succession. This requires no configuration and will confirm that the daemon is behaving normally.

The 12 branch is masked and has had vulnerable ebuilds removed. The 1.8 branch has been removed from portage.
Comment 2 Agostino Sarubbo gentoo-dev 2014-10-21 12:44:05 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2014-10-21 12:44:19 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 4 Tony Vroon gentoo-dev 2014-10-21 16:13:39 UTC
+  21 Oct 2014; Tony Vroon <chainsaw@gentoo.org> -asterisk-11.12.1.ebuild:
+  Remove vulnerable ebuilds now that stabilisation is complete. For security
+  bug #526208.
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2014-11-04 02:55:45 UTC
Arches and Mainter(s), Thank you for your work.

Added to an existing GLSA request.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-11-23 18:20:10 UTC
This issue was resolved and addressed in
 GLSA 201411-10 at http://security.gentoo.org/glsa/glsa-201411-10.xml
by GLSA coordinator Sean Amoss (ackle).