oss-sec mailing list archives
CVE Request - Asterisk (AST-2009-008.html)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 05 Nov 2009 10:56:15 +0100
Hello Steve, vendors,

Asterisk upstream has recently published two security advisories:

a, SIP responses expose valid usernames
http://downloads.asterisk.org/pub/security/AST-2009-008.html

This is a similar issue to AST-2009-003.html (CVE-2008-3903)
http://downloads.asterisk.org/pub/security/AST-2009-003.html

But according to the patches:
http://downloads.digium.com/pub/asa/AST-2009-003-1.6.1.diff.txt (AST-2009-003)
vs
http://downloads.asterisk.org/pub/security/AST-2009-008-1.6.1.diff.txt (AST-2009-003)
it desires a new CVE id. Could you allocate one?

The second issue (b,) already got a CVE id of CVE-2008-7220.

b, Cross-site AJAX request vulnerability (CVE-2008-7220)
http://downloads.asterisk.org/pub/security/AST-2009-009.html

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request - Asterisk (AST-2009-008.html) Jan Lieskovsky (Nov 05)
- Re: CVE Request - Asterisk (AST-2009-008.html) Josh Bressers (Nov 05)
- Re: CVE Request - Asterisk (AST-2009-008.html) Moritz Muehlenhoff (Nov 07)
- Re: CVE Request - Asterisk (AST-2009-008.html) Alex Legler (Nov 07)