[ubuntu/karmic-security] asterisk 1:1.6.2.0~rc2-0ubuntu1.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Dec 9 00:03:39 GMT 2009


asterisk (1:1.6.2.0~rc2-0ubuntu1.1) karmic-security; urgency=low

  * SECURITY UPDATE: ACL not respected on SIP INVITE (LP: #491632).
    - debian/patches/AST-2009-007: Additional check in channels/chan_sip.c to
      check ACL for handling SIP INVITEs.  This blocks calls on networks
      intended to be prohibited, by configuration. Based on upstream patch.
    - AST-2009-007
    - CVE-2009-3723
  * SECURITY UPDATE: SIP responses expose valid usernames (LP: #491637).
    - debian/patches/AST-2009-008: Sanitise certain return of REGISTER message
      to stop a specially crafted series of requests returning valid usernames.
      Based on upstream patch.
    - AST-2009-008
    - CVE-2009-3727
  * SECURITY UPDATE:  RTP Remote Crash Vulnerability (LP: #493555).
    - debian/patches/AST-2009-010: Stops Asterisk from crashing when an RTP
      comfort noise payload containing 24 bytes or greater is received.
    - AST-2009-010
    - CVE-2009-4055

Date: Mon, 07 Dec 2009 12:23:36 +0000
Changed-By: Dave Walker (Daviey) <DaveWalker at ubuntu.com>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/asterisk/1:1.6.2.0~rc2-0ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Mon, 07 Dec 2009 12:23:36 +0000
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config
Architecture: source
Version: 1:1.6.2.0~rc2-0ubuntu1.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Dave Walker (Daviey) <DaveWalker at ubuntu.com>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h323 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Changes: 
 asterisk (1:1.6.2.0~rc2-0ubuntu1.1) karmic-security; urgency=low
 .
   * SECURITY UPDATE: ACL not respected on SIP INVITE (LP: #491632).
     - debian/patches/AST-2009-007: Additional check in channels/chan_sip.c to
       check ACL for handling SIP INVITEs.  This blocks calls on networks
       intended to be prohibited, by configuration. Based on upstream patch.
     - AST-2009-007
     - CVE-2009-3723
   * SECURITY UPDATE: SIP responses expose valid usernames (LP: #491637).
     - debian/patches/AST-2009-008: Sanitise certain return of REGISTER message
       to stop a specially crafted series of requests returning valid usernames.
       Based on upstream patch.
     - AST-2009-008
     - CVE-2009-3727
   * SECURITY UPDATE:  RTP Remote Crash Vulnerability (LP: #493555).
     - debian/patches/AST-2009-010: Stops Asterisk from crashing when an RTP
       comfort noise payload containing 24 bytes or greater is received.
     - AST-2009-010
     - CVE-2009-4055
Checksums-Sha1: 
 64ef4580414ec15eff0329bab2efd61b38bcb10a 2141 asterisk_1.6.2.0~rc2-0ubuntu1.1.dsc
 adf483cf41b50c4a3e50c76430db68a703d57e25 65731 asterisk_1.6.2.0~rc2-0ubuntu1.1.diff.gz
Checksums-Sha256: 
 cc99e6dabeb58206943891e7cf723d817d1c51f78fed82b059f264a727a88dec 2141 asterisk_1.6.2.0~rc2-0ubuntu1.1.dsc
 e05a3293b1161b7a55f3fa254ca6910cd1fd1eab4c8981521a10c2915750f72b 65731 asterisk_1.6.2.0~rc2-0ubuntu1.1.diff.gz
Files: 
 46977920cd02a71a0692f7f993a449e5 2141 comm optional asterisk_1.6.2.0~rc2-0ubuntu1.1.dsc
 21be9d3b1e50807db345ba767a9754b9 65731 comm optional asterisk_1.6.2.0~rc2-0ubuntu1.1.diff.gz
Launchpad-Bugs-Fixed: 491632 491637 493555
Original-Maintainer: Debian VoIP Team <pkg-voip-maintainers at lists.alioth.debian.org>

