Bug 12060 - Multiple vulnerabilities in asterisk (CVE-2013-7100)
Summary: Multiple vulnerabilities in asterisk (CVE-2013-7100)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 3
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/578022/
Whiteboard: has_procedure advisory mga3-32-ok mga...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2013-12-20 11:01 CET by Oden Eriksson
Modified: 2013-12-23 22:22 CET (History)
3 users

See Also:
Source RPM: asterisk
CVE:
Status comment:



Description Oden Eriksson 2013-12-20 11:01:00 CET
http://downloads.asterisk.org/pub/security/AST-2013-006.html
http://downloads.asterisk.org/pub/security/AST-2013-007.html
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.7.0-summary.html


======================================================
Name: CVE-2013-7100
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7100
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20131213
Category: 
Reference: CONFIRM:http://downloads.asterisk.org/pub/security/AST-2013-006.html
Reference: CONFIRM:https://issues.asterisk.org/jira/browse/ASTERISK-22590

Buffer overflow in the unpacksms16 function in apps/app_sms.c in
Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and
11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones
before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before
1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to
cause a denial of service (daemon crash) via a 16-bit SMS message.



Reproducible: 

Steps to Reproduce:
Comment 1 Oden Eriksson 2013-12-20 11:50:25 CET
11.7.0 has been committed and submitted to mga3

11.7.0 has been committed to cauldron, needs someone to submit it. Damn, I accidentally submitted this one to core/updates_testing in cauldron. So, I bumped the release which should work.
Comment 2 David Walser 2013-12-20 21:23:12 CET
It's now been uploaded for Cauldron.

What exactly would you like the advisory to say for the Mageia 3 update?

Other than that, I guess this is ready for QA.  More details in Comment 0.

Packages uploaded:
asterisk-11.7.0-1.mga3
libasteriskssl1-11.7.0-1.mga3
asterisk-addons-11.7.0-1.mga3
asterisk-firmware-11.7.0-1.mga3
asterisk-devel-11.7.0-1.mga3
asterisk-plugins-corosync-11.7.0-1.mga3
asterisk-plugins-alsa-11.7.0-1.mga3
asterisk-plugins-calendar-11.7.0-1.mga3
asterisk-plugins-cel-11.7.0-1.mga3
asterisk-plugins-curl-11.7.0-1.mga3
asterisk-plugins-dahdi-11.7.0-1.mga3
asterisk-plugins-fax-11.7.0-1.mga3
asterisk-plugins-festival-11.7.0-1.mga3
asterisk-plugins-ices-11.7.0-1.mga3
asterisk-plugins-jabber-11.7.0-1.mga3
asterisk-plugins-jack-11.7.0-1.mga3
asterisk-plugins-lua-11.7.0-1.mga3
asterisk-plugins-ldap-11.7.0-1.mga3
asterisk-plugins-minivm-11.7.0-1.mga3
asterisk-plugins-mobile-11.7.0-1.mga3
asterisk-plugins-mp3-11.7.0-1.mga3
asterisk-plugins-mysql-11.7.0-1.mga3
asterisk-plugins-ooh323-11.7.0-1.mga3
asterisk-plugins-oss-11.7.0-1.mga3
asterisk-plugins-pktccops-11.7.0-1.mga3
asterisk-plugins-portaudio-11.7.0-1.mga3
asterisk-plugins-pgsql-11.7.0-1.mga3
asterisk-plugins-radius-11.7.0-1.mga3
asterisk-plugins-saycountpl-11.7.0-1.mga3
asterisk-plugins-skinny-11.7.0-1.mga3
asterisk-plugins-snmp-11.7.0-1.mga3
asterisk-plugins-speex-11.7.0-1.mga3
asterisk-plugins-sqlite-11.7.0-1.mga3
asterisk-plugins-tds-11.7.0-1.mga3
asterisk-plugins-osp-11.7.0-1.mga3
asterisk-plugins-unistim-11.7.0-1.mga3
asterisk-plugins-voicemail-11.7.0-1.mga3
asterisk-plugins-voicemail-imap-11.7.0-1.mga3
asterisk-plugins-voicemail-plain-11.7.0-1.mga3
asterisk-gui-11.7.0-1.mga3

from asterisk-11.7.0-1.mga3.src.rpm

Assignee: bugsquad => qa-bugs

Comment 3 claire robinson 2013-12-21 14:55:59 CET
Procedure: https://bugs.mageia.org/show_bug.cgi?id=11094#c5

Whiteboard: (none) => has_procedure

Comment 5 David Walser 2013-12-23 14:35:57 CET
Thanks Oden.

Advisory:
========================

Updated asterisk packages fix a security vulnerability:

Buffer overflow in the unpacksms16 function in apps/app_sms.c in
Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and
11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before
10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4
and 11.x before 11.2-cert3 allows remote attackers to cause a denial
of service (daemon crash) via a 16-bit SMS message (CVE-2013-7100).

The updated packages have been upgraded to the 11.7.0 version which
resolves various upstream bugs and is not vulnerable to this issue.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7100
https://issues.asterisk.org/jira/browse/ASTERISK-22590
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.7.0-summary.html
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2013:300/

CC: (none) => luigiwalser
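The CVE text quoted in the description and again in the advisory above describes a buffer overflow when a 16-bit (UCS-2) SMS message is unpacked into a fixed buffer. The C below is an added example, not Asterisk's apps/app_sms.c and not a reproduction of the actual defect (the bug page does not contain the affected code); it is a constructed illustration of the defensive pattern such a fix relies on: check the declared user-data length against both the bytes actually received and the capacity of the destination before copying a single unit. `MAX_UNITS`, `unpack_ucs2`, the `SAMPLE_HI` payload and the `demo_*` helpers are all assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical fixed capacity of the destination buffer, in 16-bit units. */
#define MAX_UNITS 160

enum unpack_status {
    UNPACK_OK = 0,
    UNPACK_BAD_LENGTH = 1,  /* declared length odd or longer than received data */
    UNPACK_TOO_LONG   = 2   /* payload would not fit the destination buffer */
};

/*
 * Unpack a 16-bit (UCS-2, big-endian) SMS user-data field.
 *   hdr_len     - user-data length as declared in the message, in octets
 *   payload     - octets actually received after the length field
 *   payload_len - number of octets in payload
 *   out/out_cap - destination buffer and its capacity in 16-bit units
 *   out_units   - on success, number of units written
 * Every length is validated before any write, so an attacker-controlled
 * hdr_len can never drive the copy past out_cap.
 */
enum unpack_status unpack_ucs2(unsigned hdr_len,
                               const uint8_t *payload, size_t payload_len,
                               uint16_t *out, size_t out_cap,
                               size_t *out_units)
{
    *out_units = 0;

    /* A 16-bit alphabet needs an even octet count, and the declared
     * length must not claim more data than was actually received. */
    if ((hdr_len & 1u) || hdr_len > payload_len)
        return UNPACK_BAD_LENGTH;

    size_t units = hdr_len / 2;

    /* Bound the copy by the destination, not by the message header. */
    if (units > out_cap)
        return UNPACK_TOO_LONG;

    for (size_t i = 0; i < units; i++)
        out[i] = (uint16_t)((payload[2 * i] << 8) | payload[2 * i + 1]);

    *out_units = units;
    return UNPACK_OK;
}

/* Constructed sample payload: the string "Hi" encoded as UCS-2 big-endian. */
static const uint8_t SAMPLE_HI[] = { 0x00, 0x48, 0x00, 0x69 };

/* Run the decoder on SAMPLE_HI with a chosen header length and destination
 * capacity; returns the status code so callers can check each rejection path. */
int demo_status(unsigned hdr_len, size_t out_cap)
{
    uint16_t out[MAX_UNITS];
    size_t n;
    return (int)unpack_ucs2(hdr_len, SAMPLE_HI, sizeof SAMPLE_HI,
                            out, out_cap, &n);
}

/* Decode SAMPLE_HI with a correct header and return the first code unit,
 * or -1 if decoding was refused. */
int demo_first_unit(void)
{
    uint16_t out[MAX_UNITS];
    size_t n;
    if (unpack_ucs2(sizeof SAMPLE_HI, SAMPLE_HI, sizeof SAMPLE_HI,
                    out, MAX_UNITS, &n) != UNPACK_OK || n != 2)
        return -1;
    return out[0];
}

int main(void)
{
    printf("valid message, first unit: 0x%02x\n", demo_first_unit());
    printf("odd declared length:       status %d\n", demo_status(5, MAX_UNITS));
    printf("length beyond received:    status %d\n", demo_status(6, MAX_UNITS));
    printf("destination too small:     status %d\n", demo_status(4, 1));
    return 0;
}
```

The three rejection paths are the ones a reviewer would look for in any SMS unpacking routine: an odd octet count for a 16-bit alphabet, a header length that exceeds the bytes on the wire, and a unit count larger than the fixed destination. Only the last of these is the buffer-overflow guard proper; the first two stop the decoder from reading past the received message.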

Comment 6 claire robinson 2013-12-23 16:38:16 CET
Testing complete mga3 32

No PoC without equipment to match

Just checking for clean update of all packages and followed
https://bugs.mageia.org/show_bug.cgi?id=11094#c5

Whiteboard: has_procedure => has_procedure mga3-32-ok

Comment 7 claire robinson 2013-12-23 16:57:17 CET
Testing complete mga3 64

Validating. Advisory uploaded.

Could sysadmin please push from 3 core/updates_testing to updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: has_procedure mga3-32-ok => has_procedure advisory mga3-32-ok mga3-64-ok
CC: (none) => sysadmin-bugs

Comment 8 Thomas Backlund 2013-12-23 18:28:28 CET
Update pushed:
http://advisories.mageia.org/MGASA-2013-0384.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

David Walser 2013-12-23 22:22:42 CET

URL: (none) => http://lwn.net/Vulnerabilities/578022/

