
Re: asterisk stable update for CVE-2009-0041

On Sun, Apr 26, 2009 at 03:40:35PM +0200, Nico Golde wrote:
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for asterisk some time ago.
> CVE-2009-0041[0]:
> | IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before
> | 1.4.23-rc4, and 1.6.x before; Business Edition A.x.x,
> | B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before
> | C.; and s800i 1.2.x before 1.3.0 responds differently to a
> | failed login attempt depending on whether the user account exists,
> | which allows remote attackers to enumerate valid usernames.
> Unfortunately the vulnerability described above is not important enough
> to get it fixed via regular security update in Debian stable. It does
> not warrant a DSA.
> This is Debian bug #513413.
> However it would be nice if this could get fixed via a regular point update[1].
> Please contact the release team for this.

This, as well as CVE-2008-3903, are fixed in the SVN (branches/etch,
branches/lenny).



               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen@xorcom.com
+972-50-7952406           mailto:tzafrir.cohen@xorcom.com
http://www.xorcom.com  iax:guest@local.xorcom.com/tzafrir
