[ubuntu/lucid] asterisk 1:1.6.2.0~rc2-0ubuntu2 (Accepted)
Roberto D'Auria
everlastingfire at autistici.org
Wed Dec 30 14:15:21 GMT 2009
asterisk (1:1.6.2.0~rc2-0ubuntu2) lucid; urgency=low

  [ Dave Walker (Daviey) ]
  * SECURITY UPDATE: ACL not respected on SIP INVITE (LP: #491632).
    - debian/patches/AST-2009-007: Additional check in channels/chan_sip.c to
      check ACL for handling SIP INVITEs. This blocks calls on networks
      intended to be prohibited, by configuration. Based on upstream patch.
    - AST-2009-007
    - CVE-2009-3723
  * SECURITY UPDATE: SIP responses expose valid usernames (LP: #491637).
    - debian/patches/AST-2009-008: Sanitise certain return of REGISTER message
      to stop a specially crafted series of requests returning valid usernames.
      Based on upstream patch.
    - AST-2009-008
    - CVE-2009-3727
  * SECURITY UPDATE: RTP Remote Crash Vulnerability (LP: #493555).
    - debian/patches/AST-2009-010: Stops Asterisk from crashing when an RTP
      comfort noise payload containing 24 bytes or greater is received.
    - AST-2009-010
    - CVE-2009-4055

  [ Roberto D'Auria ]
  * debian/patches/iax2-heavy-traffic-fix: Stops asterisk crashing on
    heavy traffic on iax2 channel, editing channels/chan_iax2.c.
    Based on upstream patch. (LP: #501116)

Date: Wed, 30 Dec 2009 14:49:24 +0100
Changed-By: Roberto D'Auria <everlastingfire at autistici.org>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Signed-By: Devid Antonio Filoni <d.filoni at techemail.com>
https://launchpad.net/ubuntu/lucid/+source/asterisk/1:1.6.2.0~rc2-0ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 30 Dec 2009 14:49:24 +0100
Source: asterisk
Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config
Architecture: source
Version: 1:1.6.2.0~rc2-0ubuntu2
Distribution: lucid
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Roberto D'Auria <everlastingfire at autistici.org>
Description:
asterisk - Open Source Private Branch Exchange (PBX)
asterisk-config - Configuration files for Asterisk
asterisk-dbg - Debugging symbols for Asterisk
asterisk-dev - Development files for Asterisk
asterisk-doc - Source code documentation for Asterisk
asterisk-h323 - H.323 protocol support for Asterisk
asterisk-sounds-main - Core Sound files for Asterisk (English)
Changes:
asterisk (1:1.6.2.0~rc2-0ubuntu2) lucid; urgency=low
.
[ Dave Walker (Daviey) ]
* SECURITY UPDATE: ACL not respected on SIP INVITE (LP: #491632).
- debian/patches/AST-2009-007: Additional check in channels/chan_sip.c to
check ACL for handling SIP INVITEs. This blocks calls on networks
intended to be prohibited, by configuration. Based on upstream patch.
- AST-2009-007
- CVE-2009-3723
* SECURITY UPDATE: SIP responses expose valid usernames (LP: #491637).
- debian/patches/AST-2009-008: Sanitise certain return of REGISTER message
to stop a specially crafted series of requests returning valid usernames.
Based on upstream patch.
- AST-2009-008
- CVE-2009-3727
* SECURITY UPDATE: RTP Remote Crash Vulnerability (LP: #493555).
- debian/patches/AST-2009-010: Stops Asterisk from crashing when an RTP
comfort noise payload containing 24 bytes or greater is recieved.
- AST-2009-010
- CVE-2009-4055
.
[ Roberto D'Auria ]
* debian/patches/iax2-heavy-traffic-fix: Stops asterisk crashing on
heavy traffic on iax2 channel, editing channels/chan_iax2.c.
Based on upstream patch. (LP: #501116)
Checksums-Sha1:
43892045a20286c5c988027187338286afbc4bad 2133 asterisk_1.6.2.0~rc2-0ubuntu2.dsc
a87b8825c5ccca3fb2de68d2b9905863d22be8ee 66473 asterisk_1.6.2.0~rc2-0ubuntu2.diff.gz
Checksums-Sha256:
108fc5caa538fbd86c1346cee55045d387d029f2ac3af765b4179b84d1f832a6 2133 asterisk_1.6.2.0~rc2-0ubuntu2.dsc
3c45177f2922899f512b649c58c26230f50126ec299f73699c48b823ddf393cb 66473 asterisk_1.6.2.0~rc2-0ubuntu2.diff.gz
Files:
f5ed594e0955a2e1259ac6622cc899dd 2133 comm optional asterisk_1.6.2.0~rc2-0ubuntu2.dsc
73eb207f66ae42c0998b06ea9be01efb 66473 comm optional asterisk_1.6.2.0~rc2-0ubuntu2.diff.gz
Launchpad-Bugs-Fixed: 491632 491637 493555 501116
Original-Maintainer: Debian VoIP Team <pkg-voip-maintainers at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAks7X/YACgkQONbgY3E1bGDkGQCfekSZcy+ME459RmPD7/kg0lkM
n8oAoLhBBzI4pucRlkqbmIuX4QwkgO+C
=fCAt
-----END PGP SIGNATURE-----