[oss-security] CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001)

Hi Josh, Steve, vendors,

   Asterisk upstream yesterday released AST-2011-001, also with patches for supported versions.
   References:
   [1] http://downloads.asterisk.org/pub/security/AST-2011-001.html
   [2] http://seclists.org/fulldisclosure/2011/Jan/297
   [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610487
   [4] https://bugzilla.redhat.com/show_bug.cgi?id=670777

Could you allocate CVE id for this?

Thanks && Regards, Jan.
-- Jan iankko Lieskovsky / Red Hat Security Response Team

• This message: [ Message body ]
• Next message: Steven M. Christey: "Re: [oss-security] CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001)"
• Previous message: Steven M. Christey: "Re: [oss-security] CVE request: tor"
• Next in thread: Steven M. Christey: "Re: [oss-security] CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001)"
• Reply: Steven M. Christey: "Re: [oss-security] CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001)"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]