Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 539806 (CVE-2015-1558) - <net-misc/asterisk-{12.8.1,13.1.1}: Unspecified vulnerability (CVE-2015-1558)
Summary: <net-misc/asterisk-{12.8.1,13.1.1}: Unspecified vulnerability (CVE-2015-1558)
Status: RESOLVED FIXED
Alias: CVE-2015-1558
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL:
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-02-11 18:00 UTC by GLSAMaker/CVETool Bot
Modified: 2015-02-16 03:33 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2015-02-11 18:00:32 UTC 
CVE-2015-1558 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1558):
  Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using
  the PJSIP channel driver, does not properly reclaim RTP ports, which allows
  remote authenticated users to cause a denial of service (file descriptor
  consumption) via an SDP offer containing only incompatible codecs.


@maintainers: Convenience filing; The package is masked for testing, please close the bug once bump and cleanup is done
Comment 1 Tony Vroon (RETIRED) gentoo-dev 2015-02-11 20:53:47 UTC 
+*asterisk-13.1.1 (11 Feb 2015)
+*asterisk-12.8.1 (11 Feb 2015)
+
+  11 Feb 2015; Tony Vroon <chainsaw@gentoo.org> -asterisk-11.14.2.ebuild,
+  -asterisk-11.14.2-r1.ebuild, -asterisk-11.15.0.ebuild,
+  -asterisk-12.7.2.ebuild, -asterisk-12.7.2-r1.ebuild, -asterisk-12.8.0.ebuild,
+  -asterisk-12.8.0-r1.ebuild, +asterisk-12.8.1.ebuild, -asterisk-13.1.0.ebuild,
+  +asterisk-13.1.1.ebuild:
+  Upgrades on the 12 & 13 branches for security bug #539806 (CVE-2015-1558).
+  Removed vulnerable ebuilds.