Bug 21679

Summary: asterisk new security issues CVE-2017-14099, CVE-2017-14100, and CVE-2017-14603
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: All Packagers <pkg-bugs>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: marja11, oe
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: asterisk-11.23.1-1.1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2017-09-07 14:55:27 CEST
Debian has issued an advisory on September 4:
https://www.debian.org/security/2017/dsa-3964

Upstream advisories for this from August 31:
http://downloads.asterisk.org/pub/security/AST-2017-005.html
http://downloads.asterisk.org/pub/security/AST-2017-006.html

The issues are fixed in 11.25.2.

Comment 1 Marja Van Waes 2017-09-08 00:16:06 CEST
Assigning to all packagers collectively, since the registered maintainer for this package, Oden, is probably still unavailable.

CC: (none) => marja11, oe
Assignee: bugsquad => pkg-bugs

Comment 2 David Walser 2017-10-04 20:48:34 CEST
Debian has issued an advisory on October 3:
https://www.debian.org/security/2017/dsa-3990

Upstream advisory for this from September 19:
http://downloads.asterisk.org/pub/security/AST-2017-008.html

The issues are fixed in 11.25.3.

Summary: asterisk new security issues CVE-2017-14099 and CVE-2017-14100 => asterisk new security issues CVE-2017-14099, CVE-2017-14100, and CVE-2017-14603

Comment 3 David Walser 2017-12-29 02:18:31 CET
I tried to update this, but the %install step failed with:

+ install -D -p -m 0755 apps/app_directory_plain.so /home/iurt/rpmbuild/BUILDROOT/asterisk-11.25.3-1.mga5.x86_64/usr/lib64/asterisk/modules/
install: cannot stat 'apps/app_directory_plain.so': No such file or directory

not sure why.

This package is no longer supported.

Status: NEW => RESOLVED
Resolution: (none) => OLD