-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 05 Oct 2017 12:49:56 +0200 Source: asterisk Binary: asterisk asterisk-modules asterisk-dahdi asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config Architecture: source all amd64 Version: 1:1.8.13.1~dfsg1-3+deb7u7 Distribution: wheezy-security Urgency: high Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: asterisk - Open Source Private Branch Exchange (PBX) asterisk-config - Configuration files for Asterisk asterisk-dahdi - DAHDI devices support for the Asterisk PBX asterisk-dbg - Debugging symbols for Asterisk asterisk-dev - Development files for Asterisk asterisk-doc - Source code documentation for Asterisk asterisk-mobile - Bluetooth phone support for the Asterisk PBX asterisk-modules - loadable modules for the Asterisk PBX asterisk-mp3 - MP3 playback support for the Asterisk PBX asterisk-mysql - MySQL database protocol support for the Asterisk PBX asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c asterisk-voicemail - simple voicemail support for the Asterisk PBX asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX Changes: asterisk (1:1.8.13.1~dfsg1-3+deb7u7) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2017-14100: unauthorized command execution. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection. Checksums-Sha1: a9f713da15d63706ee665426a695d8e36672f3aa 3845 asterisk_1.8.13.1~dfsg1-3+deb7u7.dsc 65c15e35d3d88037b81f2b7d6414b81c3412a0ea 408144 asterisk_1.8.13.1~dfsg1-3+deb7u7.debian.tar.gz d27d341d256ccb0bf28c977b1cd4c426886c8fe7 1990662 asterisk-doc_1.8.13.1~dfsg1-3+deb7u7_all.deb 8ee379f475602515db3cba600e073d33fa52021e 962348 asterisk-dev_1.8.13.1~dfsg1-3+deb7u7_all.deb 7fa3b0b7d85db72431ea4012be6a8180c31ee6c5 999776 asterisk-config_1.8.13.1~dfsg1-3+deb7u7_all.deb 60ad2345838f82829c34315ebfe3b4024980d760 1773478 asterisk_1.8.13.1~dfsg1-3+deb7u7_amd64.deb a3bbdcde4e54a7eb345c991e01287b8535ee6808 2837856 asterisk-modules_1.8.13.1~dfsg1-3+deb7u7_amd64.deb cd21ec56e9f110af0f696f1bfb3977217fe9c261 924924 asterisk-dahdi_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 62e18228fa12db180e96cd4295147b97398f8cf1 695282 asterisk-voicemail_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 08c19d9f120d99a6807cc24fe6a4136044bf8efb 712224 asterisk-voicemail-imapstorage_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 3ac8b2c8cd4fd70dc73136d975a78cf7cd253548 701328 asterisk-voicemail-odbcstorage_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 73c1610e59946a1bdb92abde71c3291e3b3aedc6 1040278 asterisk-ooh323_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 9c1369d49ee0be26f6f803ce5d451d0737c55470 634644 asterisk-mp3_1.8.13.1~dfsg1-3+deb7u7_amd64.deb ca4ee3f59a15763fecd2e18037ca47a90346e0a5 661554 asterisk-mysql_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 69be466b8b68a5496fe5731d74f88362756479fc 648436 asterisk-mobile_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 12914eb35e5b5a2e6fceb1275aa3726a24e2a9ea 30081130 asterisk-dbg_1.8.13.1~dfsg1-3+deb7u7_amd64.deb Checksums-Sha256: 8d93a88a159d7c93af6e55653d36422ecf086dda198db20c7675192c0c99d731 3845 asterisk_1.8.13.1~dfsg1-3+deb7u7.dsc 04109e269c01e73698f087c46dc4c8db6b5d5f488849a5cd6a288c05fcc100f1 408144 asterisk_1.8.13.1~dfsg1-3+deb7u7.debian.tar.gz ae8e9d7ac385837f34310ee211e24d67c9bc95d5ddbcec74ff70abdbcb543574 1990662 asterisk-doc_1.8.13.1~dfsg1-3+deb7u7_all.deb 4ee369b547d9dbb4bcd66016b3457bcda12b08878538312b26c5016d6fed432d 962348 asterisk-dev_1.8.13.1~dfsg1-3+deb7u7_all.deb 5f97164a068bdf5766b205d4a1dc0d3b1b6c117660c610b78b1a807c322aa4c9 999776 asterisk-config_1.8.13.1~dfsg1-3+deb7u7_all.deb 1838ed5b6132d94d08125535949f8d863e7ff3c0b15ceabac0b9cb39843b10d2 1773478 asterisk_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 804c37a09b8f2175409657b91093d36e273bb80d36d62474946fabcc6d087157 2837856 asterisk-modules_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 6573d443971da6a200f19c3a3c0beff5febb34cbfa8f587c43e662566c05ea07 924924 asterisk-dahdi_1.8.13.1~dfsg1-3+deb7u7_amd64.deb f97ab9ab10201aedd6506583bd6a4f41c4fbe1cefdd5cd2cfa878791bebacf78 695282 asterisk-voicemail_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 071cee865448ddb3230696bfa0dcd200fd1f1ea6bba0009d43c4337f7117b683 712224 asterisk-voicemail-imapstorage_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 196a6dbf4d6f88eae2b85844e636fce902ce8756cedbfdfd86141dcdbf1eeea9 701328 asterisk-voicemail-odbcstorage_1.8.13.1~dfsg1-3+deb7u7_amd64.deb ca417d1b4645491c734b3f15b503e087ae0b730d142f9943fa950d865a89cc79 1040278 asterisk-ooh323_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 206420d1b9f40c38378a85e489efb73b69957ac6862753ff851c0fb650ca5016 634644 asterisk-mp3_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 21059bb1012a5a6ea1c104830d0b946cc6de4a05ab86dfd494dd76271a4daffd 661554 asterisk-mysql_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 3091b1296c163afb9de4e798507c1df04cd78beb434dfb2c57413eac34d4a192 648436 asterisk-mobile_1.8.13.1~dfsg1-3+deb7u7_amd64.deb d100e3fd534184ba73d370197ce9544a7c05506f9f5c1c85ae494ebaeaa49a87 30081130 asterisk-dbg_1.8.13.1~dfsg1-3+deb7u7_amd64.deb Files: 102f4d92b856d113be5c07022f021e4b 3845 comm optional asterisk_1.8.13.1~dfsg1-3+deb7u7.dsc 56a61946b8fe60769c356a85a594d383 408144 comm optional asterisk_1.8.13.1~dfsg1-3+deb7u7.debian.tar.gz 9eb5b35c076d5d173edddefab1739a1a 1990662 doc extra asterisk-doc_1.8.13.1~dfsg1-3+deb7u7_all.deb 2347476c041ad8020f00e69df4f9a174 962348 devel extra asterisk-dev_1.8.13.1~dfsg1-3+deb7u7_all.deb 87ee3e09be5456a22673c11db33190b5 999776 comm optional asterisk-config_1.8.13.1~dfsg1-3+deb7u7_all.deb c6250f8748089862b27e77cfdf6dbf18 1773478 comm optional asterisk_1.8.13.1~dfsg1-3+deb7u7_amd64.deb f8f5b066fab9746b142c5a69abc0016f 2837856 libs optional asterisk-modules_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 6adecaf1c0be958bacbc8fae275a17d6 924924 comm optional asterisk-dahdi_1.8.13.1~dfsg1-3+deb7u7_amd64.deb fdab3c5c12f5734f5ce6254bba0ce9ca 695282 comm optional asterisk-voicemail_1.8.13.1~dfsg1-3+deb7u7_amd64.deb c106f149ea2f7eec3c34773197e679b0 712224 comm optional asterisk-voicemail-imapstorage_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 93dfaaabd50d9b5044186da8405cb39e 701328 comm optional asterisk-voicemail-odbcstorage_1.8.13.1~dfsg1-3+deb7u7_amd64.deb faaff5496c96a983e26ae47cd69777d5 1040278 comm optional asterisk-ooh323_1.8.13.1~dfsg1-3+deb7u7_amd64.deb a9746b2ac90fe18b37607a64b8b90cbb 634644 comm optional asterisk-mp3_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 4a40248f6e0983767557ca70d9b62464 661554 comm optional asterisk-mysql_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 5a18a001c317bccd0b083a07ddc119b2 648436 comm optional asterisk-mobile_1.8.13.1~dfsg1-3+deb7u7_amd64.deb 26c52f1c37da3eaa5766bc4dd70a4528 30081130 debug extra asterisk-dbg_1.8.13.1~dfsg1-3+deb7u7_amd64.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlnWEKRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkWwgP/2xPEq5V58zGS/7v2/Q5T/Te6nFKAoAszjJn nN67ZUDJfCW3fp3EbqZawvGOhafMy/LwJEdMXoSqM2YO8LIkyq7qFijg1MCSURCP zB0baGmffYyMLgURBbb8xNxFWmn0zbuSy4AHZH2dlwIUsdTXAOYrhgGbcW2/tIIL gXAZ0QTVvubGxeaD4v+H2dTUK7oWoPL53jN+lUYr4gHkVe50ObH1nRjq4fxQjUpF 8OUvAN+ct5aZf0t83Up1HaiQaBD+yoZOLKa4CWpaXs0I+yA0+NT4MykZmALE/N22 /XmWUx2pZYCWvt3tDJQ5525BDv6DLjdPJzxneXwL/1vwrVUJUzCYH+6SfWpbIxzo WdSHEJOkQ/yFEk2oU5pCor3MUZE5ZpRLpbA+Yo8//eZPOtWipdiU4nXdibdEUWT6 oQWeQ48YGM9X3fdOsV1YYN6hMmkstX7xCBEclqMynuRm5/wimfLvVK4R+TFRqKzT tRYFOCYZdp9n++n2xRqBNrUVxz/FJPWKRQcMtEmld/OKgj0FHH1cxprpjMe+TJC0 WPwBoPuVLrX51ipDI/gecSCcJr9ICZMTVD/g2DWQnBzEaQzRBKA6fSPf22qeAX7H 7Q8U469371hqUSkLZPG+xzMzmHVaw0NfHhI34FdbOZzug39nuGDc9VxUpkRVl9pC DsS8eS3W =E8U1 -----END PGP SIGNATURE-----
