Bug#364195: CVE-2006-1827: arbitrary code execution
Jose Carlos Garcia Sogo
jsogo at debian.org
Sat Apr 22 11:00:00 UTC 2006
On Fri, 21-04-2006 at 22:41 +0200, Kilian Krause wrote:
> Hi Stefan,
>
> On Friday, 21.04.2006, 22:24 +0200, Stefan Fritsch wrote:
> > Package: asterisk
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> >
> >
> > CVE-2006-1827:
> > Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and
> > earlier allows remote attackers to execute arbitrary code via a length
> > value that passes a length check as a negative number, but triggers a
> > buffer overflow when it is used as an unsigned length.
> >
> > This is fixed in 1.2.7.
>
> Well, 1.2.7 is unlikely to hit Sarge; we'll try to include the fix
> http://svn.digium.com/view/asterisk/branches/1.2/formats/format_jpeg.c?r1=7221&r2=18436&diff_format=u
> into the sarge package and propose it to the security team as we have it
> ready.
>
> For SID and Etch, we have just rolled out 1.2.7.1 into unstable today
> which will sooner or later hit Etch and implicitly fix this.
Anyway, this has to be added to the changelog, closing this bug and
mentioning the CVE id in it. This way, the security team will be able to check that
this CVE is fixed in sid/etch and not in sarge, through BTS version
tracking.
--
Jose Carlos Garcia Sogo
jsogo at debian.org
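The bug class in Stefan's quoted report (a length field read as a signed integer passes a bounds check as a negative number, then becomes a huge value once it is used as an unsigned size) is easy to show in a small C illustration. The following is an added example, not Asterisk code and not the contents of format_jpeg.c; the buffer size, the function names and the -1 sample value are all constructed for illustration, and the vulnerable check is only evaluated, never used to drive a copy.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical buffer size for the illustration; not a value from Asterisk. */
#define BUF_SIZE 64

/* Vulnerable pattern: the untrusted length lands in a signed int and is
 * compared as signed, so a negative value passes the "len <= BUF_SIZE"
 * check.  Returns 1 if the check accepts the length, 0 if it rejects it. */
int signed_length_check_accepts(int len) {
    if (len > BUF_SIZE)
        return 0;           /* only large positive values are rejected */
    return 1;               /* -1 slips through here */
}

/* The implicit conversion that follows the check: memcpy() and read()
 * take size_t, so a negative int becomes a huge unsigned value.  The
 * value is returned for inspection, never used as a copy length. */
size_t as_unsigned_length(int len) {
    return (size_t)len;
}

/* Hardened pattern: reject negative lengths explicitly (or keep the
 * length unsigned from the start) and bound it against the buffer. */
int hardened_length_check_accepts(int len) {
    if (len < 0 || len > BUF_SIZE)
        return 0;
    return 1;
}

/* Copy guarded by the hardened check.  Returns the number of bytes
 * copied, or 0 when the length was rejected. */
size_t copy_with_check(unsigned char *dst, const unsigned char *src, int len) {
    if (!hardened_length_check_accepts(len))
        return 0;
    memcpy(dst, src, (size_t)len);
    return (size_t)len;
}

/* Runs copy_with_check() on constructed buffers for a given length
 * field, so the outcome can be checked without setting up buffers. */
size_t demo_copy(int len) {
    unsigned char dst[BUF_SIZE];
    unsigned char src[BUF_SIZE];
    memset(src, 'A', sizeof src);
    memset(dst, 0, sizeof dst);
    return copy_with_check(dst, src, len);
}

int main(void) {
    int crafted = -1;  /* constructed sample input: a negative length field */
    printf("signed check accepts -1:   %d\n", signed_length_check_accepts(crafted));
    printf("-1 as size_t:              %zu\n", as_unsigned_length(crafted));
    printf("hardened check accepts -1: %d\n", hardened_length_check_accepts(crafted));
    printf("bytes copied for -1:       %zu\n", demo_copy(crafted));
    printf("bytes copied for 16:       %zu\n", demo_copy(16));
    return 0;
}
```

The point to take from the two checks is that the comparison in the vulnerable version is correct for the type it sees; the defect is the type change between the check and the use. Reviewing a fix for this class of bug means confirming the length is validated in the same type (and the same range) in which it is finally consumed.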