Bug 665469

Summary: VUL-0: Asterisk: Stack-based buffer overflow
Product: [Novell Products] SUSE Security Incidents Reporter: Sebastian Krahmer <krahmer>
Component: GeneralAssignee: Reinhard Max <max>
Status: RESOLVED INVALID QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: .
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Sebastian Krahmer 2011-01-19 11:29:46 UTC
From: Jan Lieskovsky
To: oss-security

Hi Josh, Steve, vendors,

  Asterisk upstream yesterday released AST-2011-001, also with patches for
  supported versions.
  [1] http://downloads.asterisk.org/pub/security/AST-2011-001.html
  [2] http://seclists.org/fulldisclosure/2011/Jan/297
  [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610487
  [4] https://bugzilla.redhat.com/show_bug.cgi?id=670777

Could you allocate CVE id for this?
Comment 1 Sebastian Krahmer 2011-01-19 13:27:23 UTC
Comment 2 Swamp Workflow Management 2011-01-19 13:45:12 UTC
The SWAMPID for this issue is 38307.
This issue was rated as moderate.
Please submit fixed packages until 2011-02-02.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 3 Reinhard Max 2011-01-19 13:51:41 UTC
We haven't shipped asterisk with openSUSE since 10.1.