[ubuntu/lucid] asterisk 1:1.6.2.0~rc2-0ubuntu2 (Accepted)

Roberto D'Auria everlastingfire at autistici.org
Wed Dec 30 14:15:21 GMT 2009


asterisk (1:1.6.2.0~rc2-0ubuntu2) lucid; urgency=low

  [ Dave Walker (Daviey) ]
  * SECURITY UPDATE: ACL not respected on SIP INVITE (LP: #491632).
    - debian/patches/AST-2009-007: Additional check in channels/chan_sip.c to
      check ACL for handling SIP INVITEs.  This blocks calls on networks
      intended to be prohibited, by configuration. Based on upstream patch.
    - AST-2009-007
    - CVE-2009-3723
  * SECURITY UPDATE: SIP responses expose valid usernames (LP: #491637).
    - debian/patches/AST-2009-008: Sanitise certain return of REGISTER message
      to stop a specially crafted series of requests returning valid usernames.
      Based on upstream patch.
    - AST-2009-008
    - CVE-2009-3727
  * SECURITY UPDATE: RTP Remote Crash Vulnerability (LP: #493555).
    - debian/patches/AST-2009-010: Stops Asterisk from crashing when an RTP
      comfort noise payload containing 24 bytes or greater is received.
    - AST-2009-010
    - CVE-2009-4055

  [ Roberto D'Auria ]
  * debian/patches/iax2-heavy-traffic-fix: Stops asterisk crashing on
    heavy traffic on iax2 channel, editing channels/chan_iax2.c.
    Based on upstream patch. (LP: #501116)

Date: Wed, 30 Dec 2009 14:49:24 +0100
Changed-By: Roberto D'Auria <everlastingfire at autistici.org>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Signed-By: Devid Antonio Filoni <d.filoni at techemail.com>
https://launchpad.net/ubuntu/lucid/+source/asterisk/1:1.6.2.0~rc2-0ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 30 Dec 2009 14:49:24 +0100
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config
Architecture: source
Version: 1:1.6.2.0~rc2-0ubuntu2
Distribution: lucid
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Roberto D'Auria <everlastingfire at autistici.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-h323 - H.323 protocol support for Asterisk
 asterisk-sounds-main - Core Sound files for Asterisk (English)
Changes: 
 asterisk (1:1.6.2.0~rc2-0ubuntu2) lucid; urgency=low
 .
   [ Dave Walker (Daviey) ]
   * SECURITY UPDATE: ACL not respected on SIP INVITE (LP: #491632).
     - debian/patches/AST-2009-007: Additional check in channels/chan_sip.c to
       check ACL for handling SIP INVITEs.  This blocks calls on networks
       intended to be prohibited, by configuration. Based on upstream patch.
     - AST-2009-007
     - CVE-2009-3723
   * SECURITY UPDATE: SIP responses expose valid usernames (LP: #491637).
     - debian/patches/AST-2009-008: Sanitise certain return of REGISTER message
       to stop a specially crafted series of requests returning valid usernames.
       Based on upstream patch.
     - AST-2009-008
     - CVE-2009-3727
   * SECURITY UPDATE:  RTP Remote Crash Vulnerability (LP: #493555).
     - debian/patches/AST-2009-010: Stops Asterisk from crashing when an RTP
       comfort noise payload containing 24 bytes or greater is recieved.
     - AST-2009-010
     - CVE-2009-4055
 .
   [ Roberto D'Auria ]
   * debian/patches/iax2-heavy-traffic-fix: Stops asterisk crashing on
     heavy traffic on iax2 channel, editing channels/chan_iax2.c.
     Based on upstream patch. (LP: #501116)
Checksums-Sha1: 
 43892045a20286c5c988027187338286afbc4bad 2133 asterisk_1.6.2.0~rc2-0ubuntu2.dsc
 a87b8825c5ccca3fb2de68d2b9905863d22be8ee 66473 asterisk_1.6.2.0~rc2-0ubuntu2.diff.gz
Checksums-Sha256: 
 108fc5caa538fbd86c1346cee55045d387d029f2ac3af765b4179b84d1f832a6 2133 asterisk_1.6.2.0~rc2-0ubuntu2.dsc
 3c45177f2922899f512b649c58c26230f50126ec299f73699c48b823ddf393cb 66473 asterisk_1.6.2.0~rc2-0ubuntu2.diff.gz
Files: 
 f5ed594e0955a2e1259ac6622cc899dd 2133 comm optional asterisk_1.6.2.0~rc2-0ubuntu2.dsc
 73eb207f66ae42c0998b06ea9be01efb 66473 comm optional asterisk_1.6.2.0~rc2-0ubuntu2.diff.gz
Launchpad-Bugs-Fixed: 491632 491637 493555 501116
Original-Maintainer: Debian VoIP Team <pkg-voip-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAks7X/YACgkQONbgY3E1bGDkGQCfekSZcy+ME459RmPD7/kg0lkM
n8oAoLhBBzI4pucRlkqbmIuX4QwkgO+C
=fCAt
-----END PGP SIGNATURE-----

