[Bug 1022360] Re: (CVE-2012-3812) CVE-2012-3812 asterisk: Remote crash vulnerability in voice mail application (CVE-2012-3863) CVE-2012-3863 asterisk: Possible resource leak on uncompleted re-invite transactions
Launchpad Bug Tracker
1022360 at bugs.launchpad.net
Sat Sep 8 10:50:09 UTC 2012
This bug was fixed in the package asterisk - 1:1.8.13.1~dfsg-1ubuntu1
---------------
asterisk (1:1.8.13.1~dfsg-1ubuntu1) quantal; urgency=low
* Merge from Debian unstable. (LP: #1022360, CVE-2012-3812)
Remaining changes:
- debian/asterisk.init: chown /dev/dahdi
- Fix building on armhf with debian/patches/armhf-fixes:
+ Flatten linux-gnueabihf in configure to linux-gnu, in
the same way that's already done for linux-gnueabi
asterisk (1:1.8.13.1~dfsg-1) unstable; urgency=low
* New upstream release (Closes: #680470):
- Fixes AST-2012-010 (CVE-2012-3863).
- Fixes AST-2012-011 (CVE-2012-38612).
* Patch AST-2012-012 (CVE-2012-2186): AMI User Shell Access with ExternalIVR
* Patch AST-2012-012 (CVE-2012-4737): ACL rules ignored during calls
by some IAX2 peers.
-- Julian Taylor <jtaylor at ubuntu.com> Sat, 08 Sep 2012 12:38:06 +0200
** Changed in: asterisk (Ubuntu)
Status: Triaged => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2186
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3861
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-4737
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to asterisk in Ubuntu.
https://bugs.launchpad.net/bugs/1022360
Title:
(CVE-2012-3812) CVE-2012-3812 asterisk: Remote crash vulnerability in
voice mail application (CVE-2012-3863) CVE-2012-3863 asterisk:
Possible resource leak on uncompleted re-invite transactions
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1022360/+subscriptions
More information about the Ubuntu-server-bugs
mailing list