Two security issues in Asterisk
Bug #42472 reported by
Mattias Bergsten
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
asterisk (Ubuntu) |
Fix Released
|
High
|
MOTU |
Bug Description
Debian today released updates to their Asterisk packages due to two problems, CVE-2005-3559 and CVE-2006-1827.
CVE-2005-3559 is being able to retrieve someone else's recordings, and CVE-2006-1827 is a buffer overflow in the format_jpeg module.
This has been fixed by Digium in 1.2.7.
Might I suggest a port of Debian's patched 1.2.7, seeing as how Ubuntu is stuck with 1.2.1? (Yes, I know it's universe.)
Changed in asterisk: | |
assignee: | nobody → motu |
status: | Unconfirmed → Confirmed |
To post a comment you must log in.
Security fix needed