[ubuntu/karmic-security] asterisk 1:1.6.2.0~rc2-0ubuntu1.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Wed Dec 9 00:03:39 GMT 2009
asterisk (1:1.6.2.0~rc2-0ubuntu1.1) karmic-security; urgency=low
* SECURITY UPDATE: ACL not respected on SIP INVITE (LP: #491632).
- debian/patches/AST-2009-007: Additional check in channels/chan_sip.c to
check ACL for handling SIP INVITEs. This blocks calls on networks
intended to be prohibited, by configuration. Based on upstream patch.
- AST-2009-007
- CVE-2009-3723
* SECURITY UPDATE: SIP responses expose valid usernames (LP: #491637).
- debian/patches/AST-2009-008: Sanitise certain return of REGISTER message
to stop a specially crafted series of requests returning valid usernames.
Based on upstream patch.
- AST-2009-008
- CVE-2009-3727
* SECURITY UPDATE: RTP Remote Crash Vulnerability (LP: #493555).
- debian/patches/AST-2009-010: Stops Asterisk from crashing when an RTP
comfort noise payload containing 24 bytes or greater is recieved.
- AST-2009-010
- CVE-2009-4055
Date: Mon, 07 Dec 2009 12:23:36 +0000
Changed-By: Dave Walker (Daviey) <DaveWalker at ubuntu.com>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/asterisk/1:1.6.2.0~rc2-0ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Mon, 07 Dec 2009 12:23:36 +0000
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config
Architecture: source
Version: 1:1.6.2.0~rc2-0ubuntu1.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Dave Walker (Daviey) <DaveWalker at ubuntu.com>
Description:
asterisk - Open Source Private Branch Exchange (PBX)
asterisk-config - Configuration files for Asterisk
asterisk-dbg - Debugging symbols for Asterisk
asterisk-dev - Development files for Asterisk
asterisk-doc - Source code documentation for Asterisk
asterisk-h323 - H.323 protocol support for Asterisk
asterisk-sounds-main - Core Sound files for Asterisk (English)
Changes:
asterisk (1:1.6.2.0~rc2-0ubuntu1.1) karmic-security; urgency=low
.
* SECURITY UPDATE: ACL not respected on SIP INVITE (LP: #491632).
- debian/patches/AST-2009-007: Additional check in channels/chan_sip.c to
check ACL for handling SIP INVITEs. This blocks calls on networks
intended to be prohibited, by configuration. Based on upstream patch.
- AST-2009-007
- CVE-2009-3723
* SECURITY UPDATE: SIP responses expose valid usernames (LP: #491637).
- debian/patches/AST-2009-008: Sanitise certain return of REGISTER message
to stop a specially crafted series of requests returning valid usernames.
Based on upstream patch.
- AST-2009-008
- CVE-2009-3727
* SECURITY UPDATE: RTP Remote Crash Vulnerability (LP: #493555).
- debian/patches/AST-2009-010: Stops Asterisk from crashing when an RTP
comfort noise payload containing 24 bytes or greater is recieved.
- AST-2009-010
- CVE-2009-4055
Checksums-Sha1:
64ef4580414ec15eff0329bab2efd61b38bcb10a 2141 asterisk_1.6.2.0~rc2-0ubuntu1.1.dsc
adf483cf41b50c4a3e50c76430db68a703d57e25 65731 asterisk_1.6.2.0~rc2-0ubuntu1.1.diff.gz
Checksums-Sha256:
cc99e6dabeb58206943891e7cf723d817d1c51f78fed82b059f264a727a88dec 2141 asterisk_1.6.2.0~rc2-0ubuntu1.1.dsc
e05a3293b1161b7a55f3fa254ca6910cd1fd1eab4c8981521a10c2915750f72b 65731 asterisk_1.6.2.0~rc2-0ubuntu1.1.diff.gz
Files:
46977920cd02a71a0692f7f993a449e5 2141 comm optional asterisk_1.6.2.0~rc2-0ubuntu1.1.dsc
21be9d3b1e50807db345ba767a9754b9 65731 comm optional asterisk_1.6.2.0~rc2-0ubuntu1.1.diff.gz
Launchpad-Bugs-Fixed: 491632 491637 493555
Original-Maintainer: Debian VoIP Team <pkg-voip-maintainers at lists.alioth.debian.org>
More information about the Karmic-changes
mailing list