
Bug#935200: marked as done (buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u1)



Your message dated Sat, 07 Sep 2019 14:34:49 +0100
with message-id <f49e2985d8466065c49c03185c24465a32228fb5.camel@adam-barratt.org.uk>
and subject line Closing bugs for fixes including in 10.1 point release
has caused the Debian Bug report #935200,
regarding buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
935200: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935200
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

I'd like to update asterisk with a fix for two minor CVEs that have been deemed
no-dsa. Exactly the same change (apart from the d/gbp.conf update for the
Buster branch) has been uploaded to sid as -2 and migrated to testing a month
ago.

Debdiff attached.

Bernhard
diff -Nru asterisk-16.2.1~dfsg/debian/changelog asterisk-16.2.1~dfsg/debian/changelog
--- asterisk-16.2.1~dfsg/debian/changelog	2019-03-07 23:13:24.000000000 +0100
+++ asterisk-16.2.1~dfsg/debian/changelog	2019-08-20 22:31:33.000000000 +0200
@@ -1,3 +1,13 @@
+asterisk (1:16.2.1~dfsg-1+deb10u1) buster; urgency=medium
+
+  * AST-2019-002 / CVE-2019-12827
+    Buffer overflow in res_pjsip_messaging (Closes: #931980)
+  * AST-2019-003 / CVE-2019-13161
+    Remote Crash Vulnerability in chan_sip (Closes: #931981)
+  * d/gbp.conf: Update for Buster branch
+
+ -- Bernhard Schmidt <berni@debian.org>  Tue, 20 Aug 2019 22:31:36 +0200
+
 asterisk (1:16.2.1~dfsg-1) unstable; urgency=medium
 
   * New upstream version 16.2.1~dfsg
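Review bot: The two advisory entries in the new 1:16.2.1~dfsg-1+deb10u1 stanza do not name the files they add. Listing debian/patches/AST-2019-002.patch and debian/patches/AST-2019-003.patch under the respective entries would let a changelog reader find the change without opening debian/patches/series. The AST-2019-002 entry reads "Buffer overflow in res_pjsip_messaging" while the patch it refers to is described as a check for a missing or empty body, so a few words on what the fix actually does would help.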
diff -Nru asterisk-16.2.1~dfsg/debian/gbp.conf asterisk-16.2.1~dfsg/debian/gbp.conf
--- asterisk-16.2.1~dfsg/debian/gbp.conf	2019-03-07 23:13:24.000000000 +0100
+++ asterisk-16.2.1~dfsg/debian/gbp.conf	2019-08-20 22:31:33.000000000 +0200
@@ -4,3 +4,4 @@
 pristine-tar = True
 sign-tags = True
 filter = .gitignore
+debian-branch = buster
diff -Nru asterisk-16.2.1~dfsg/debian/patches/AST-2019-002.patch asterisk-16.2.1~dfsg/debian/patches/AST-2019-002.patch
--- asterisk-16.2.1~dfsg/debian/patches/AST-2019-002.patch	1970-01-01 01:00:00.000000000 +0100
+++ asterisk-16.2.1~dfsg/debian/patches/AST-2019-002.patch	2019-08-20 22:31:33.000000000 +0200
@@ -0,0 +1,40 @@
+From 785bf3a755e47d92caef110e6040295764d08127 Mon Sep 17 00:00:00 2001
+From: George Joseph <gjoseph@digium.com>
+Date: Wed, 12 Jun 2019 12:03:04 -0600
+Subject: [PATCH] res_pjsip_messaging:  Check for body in in-dialog message
+
+We now check that a body exists and it has a length > 0 before
+attempting to process it.
+
+ASTERISK-28447
+Reported-by: Gil Richard
+
+Change-Id: Ic469544b22ab848734636588d4c93426cc6f4b1f
+---
+ res/res_pjsip_messaging.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/res/res_pjsip_messaging.c b/res/res_pjsip_messaging.c
+index 0e10a8f047..930cf84a53 100644
+--- a/res/res_pjsip_messaging.c
++++ b/res/res_pjsip_messaging.c
+@@ -90,10 +90,13 @@ static enum pjsip_status_code check_content_type_in_dialog(const pjsip_rx_data *
+ 	static const pj_str_t text = { "text", 4};
+ 	static const pj_str_t application = { "application", 11};
+ 
++	if (!(rdata->msg_info.msg->body && rdata->msg_info.msg->body->len > 0)) {
++		return res;
++	}
++
+ 	/* We'll accept any text/ or application/ content type */
+-	if (rdata->msg_info.msg->body && rdata->msg_info.msg->body->len
+-		&& (pj_stricmp(&rdata->msg_info.msg->body->content_type.type, &text) == 0
+-			|| pj_stricmp(&rdata->msg_info.msg->body->content_type.type, &application) == 0)) {
++	if (pj_stricmp(&rdata->msg_info.msg->body->content_type.type, &text) == 0
++			|| pj_stricmp(&rdata->msg_info.msg->body->content_type.type, &application) == 0) {
+ 		res = PJSIP_SC_OK;
+ 	} else if (rdata->msg_info.ctype
+ 		&& (pj_stricmp(&rdata->msg_info.ctype->media.type, &text) == 0
+-- 
+2.21.0
+
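Review bot: The new early exit at the top of check_content_type_in_dialog() does `return res;`, but the initial value of `res` lies outside the hunk context, so confirm it is initialised to a rejecting status rather than PJSIP_SC_OK before this goes in. The early return also means a body-less in-dialog MESSAGE no longer reaches the `else if (rdata->msg_info.ctype` branch that the old combined condition fell through to; if that change in behaviour is intended, the patch description should say so. A reference to #931980 in the patch header would tie the file back to the Debian bug named in the changelog.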
diff -Nru asterisk-16.2.1~dfsg/debian/patches/AST-2019-003.patch asterisk-16.2.1~dfsg/debian/patches/AST-2019-003.patch
--- asterisk-16.2.1~dfsg/debian/patches/AST-2019-003.patch	1970-01-01 01:00:00.000000000 +0100
+++ asterisk-16.2.1~dfsg/debian/patches/AST-2019-003.patch	2019-08-20 22:31:33.000000000 +0200
@@ -0,0 +1,39 @@
+From 1e4df0215af4f192ed06a7fc7589c799f1ec6091 Mon Sep 17 00:00:00 2001
+From: Francesco Castellano <francesco.castellano@messagenet.it>
+Date: Fri, 28 Jun 2019 18:15:31 +0200
+Subject: [PATCH] chan_sip: Handle invalid SDP answer to T.38 re-invite
+
+The chan_sip module performs a T.38 re-invite using a single media
+stream of udptl, and expects the SDP answer to be the same.
+
+If an SDP answer is received instead that contains an additional
+media stream with no joint codec a crash will occur as the code
+assumes that at least one joint codec will exist in this
+scenario.
+
+This change removes this assumption.
+
+ASTERISK-28465
+
+Change-Id: I8b02845b53344c6babe867a3f0a5231045c7ac87
+---
+
+diff --git a/channels/chan_sip.c b/channels/chan_sip.c
+index 898b646..a609ff8 100644
+--- a/channels/chan_sip.c
++++ b/channels/chan_sip.c
+@@ -10965,7 +10965,13 @@
+ 			    ast_rtp_lookup_mime_multiple2(s3, NULL, newnoncodeccapability, 0, 0));
+ 	}
+ 
+-	if (portno != -1 || vportno != -1 || tportno != -1) {
++	/* When UDPTL is negotiated it is expected that there are no compatible codecs as audio or
++	 * video is not being transported, thus we continue in this function further up if that is
++	 * the case. If we receive an SDP answer containing both a UDPTL stream and another media
++	 * stream however we need to check again to ensure that there is at least one joint codec
++	 * instead of assuming there is one.
++	 */
++	if ((portno != -1 || vportno != -1 || tportno != -1) && ast_format_cap_count(newjointcapability)) {
+ 		/* We are now ready to change the sip session and RTP structures with the offered codecs, since
+ 		   they are acceptable */
+ 		unsigned int framing;
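Review bot: The added guard `&& ast_format_cap_count(newjointcapability)` tests only newjointcapability, although the block is entered when any of portno, vportno or tportno is set. The hunk does not show how newjointcapability is built, so confirm it includes the video and text formats; otherwise an answer with only vportno or tportno set and no audio joint format now skips the session update. When the count is zero the block is skipped with no log or error path visible here, so check what the rest of the function does with the extra media stream and consider a debug message at that point.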
diff -Nru asterisk-16.2.1~dfsg/debian/patches/series asterisk-16.2.1~dfsg/debian/patches/series
--- asterisk-16.2.1~dfsg/debian/patches/series	2019-03-07 23:13:24.000000000 +0100
+++ asterisk-16.2.1~dfsg/debian/patches/series	2019-08-20 22:31:33.000000000 +0200
@@ -32,3 +32,8 @@
 
 build-reproducibly
 autoreconf-pjproject
+
+# AST-2019-002 / CVE-2019-12827
+AST-2019-002.patch
+# AST-2019-003 / CVE-2019-13161
+AST-2019-003.patch

--- End Message ---
--- Begin Message ---
Version: 10.1

Hi,

The fixes referenced by each of these bugs were included in today's
buster point release.

Regards,

Adam

--- End Message ---
