[Bug 236473] [NEW] Please sync asterisk 1:1.4.19.1~dfsg-1 (universe) from Debian unstable (main).

William Grant william at qeuni.net
Sun Jun 1 10:45:04 BST 2008 

Public bug reported:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/asterisk
 status confirmed
 importance wishlist
 subscribe ubuntu-archive

Please sync asterisk 1:1.4.19.1~dfsg-1 (universe) from Debian unstable
(main).


Explanation of the Ubuntu delta and why it can be dropped:

The security fixes are now in Debian and upstream.

Changelog since current intrepid version 1:1.4.17~dfsg-2ubuntu1:

asterisk (1:1.4.19.1~dfsg-1) unstable; urgency=low

  [ Faidon Liambotis ]
  * New upstream release.
    - Dropped configure-libc-client, incorporated upstream.
    - Adapted bristuff patches uniqueid-10-channel-ops-uniqueid,
      uniqueid-30-app-chanspy, zapata-bri+euroisdn.
    - Fixes CVE-2008-1897 / AST-2008-006 (Closes: #477472).
  * Build with -O2 instead of the default -O6 (bug introduced in
    1.4.18~dfsg-1).
  * Depend on libspeexdsp-dev because of the use of preprocessor features,
    which were split from libspeex >= 1.2. 
    - FTBFS: codec_speex.c:99: error: expected specifier-qualifier-list
      before 'SpeexPreprocessState' (Closes: #474789)
    - Asterisk fails to install due to broken libspeex dependency 
      (Closes: #477086)

  [ Lionel Elie Mamane ]
  * debian/rules: fix get-orig-source to actually work
  * Fix genastkey so that keys are not world-readable by default.

  [ Tzafrir Cohen ]
  * Watching downloads.digium.com directly again.
  * Patch apptest_sleep: A woraround for TestServer fail on SEND DTMF 8.

 -- Mark Purcell <msp at debian.org>  Wed, 23 Apr 2008 22:50:35 +1000

asterisk (1:1.4.18.1~dfsg-1) unstable; urgency=high

  * New upstream release.
    - Fixes a vulnerability in the RTP codec payload type handling
      (AST-2008-002, CVE-2008-1289).
    - Fixes a critical vulnerability that could be exploited to bypass SIP
      authentication (AST-2008-003, CVE-2008-1332).
    - Fixes a potential DoS vulnerability in the Manager interface
      (AST-2008-004, CVE-2008-1333).
  * Urgency high because of critical security fixes.

 -- Faidon Liambotis <paravoid at debian.org>  Wed, 19 Mar 2008 00:49:17
+0200

asterisk (1:1.4.18~dfsg-1) unstable; urgency=low

  [ Faidon Liambotis ]
  * Update debian/copyright (packaging copyright, formatting etc.)
  * Remove workaround for gcc ICE on hppa (#445336), since apparently that has
    been fixed.
  * Do not provide asterisk-classic/asterisk-bristuff, we don't want to
    satisfy those dependencies anymore.
  * Provide asterisk-1.4 virtual package, so that all reverse-dependencies
    that use 1.4's ABI can depend on that.
  * Switch asterisk-h323 to the new asterisk-1.4 dependency.
  * Remove libc-client-dev dependency since it is satisfied in etch by a
    version (2002) incompatible to the one that works. (Closes: #465524)
  * Backport upstream's patch for chan_vpb to avoid crashes when no
    VoiceTronix cards are present. (Closes: #466729)
  * Backport feature Bridge from 1.6, thanks to Jon Webster. (Closes: #458475)

  [ Tzafrir Cohen ]
  * New upstream release.
  * Break bristuff BRI/EuroISDN patch:
  - zapata_num_spans - already accepted by upstream. Independent of libpri
    bristuff patch.
  - zapata-bri+euroisdn - now does not depend on most bristuff interface
    changes. But lacks:
  - zapata_euroisdn_holded - Support for putting an ISDN phone on hold.
    Depends on some other bristuff patches, and adds another interface change.
  * patch use-libpri-bristuffed right next to zapata-bri+euroisdn, as
    zapata-bri+euroisdn depends on it to build.
  * patch tos-libcap remeved: merged by upstream.
  * Adjusted patch bristuff/ast-device-state-CID to Asterisk 1.4.18.

 -- Faidon Liambotis <paravoid at debian.org>  Thu, 06 Mar 2008 04:32:33
+0200

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIQm+bAc+S8KckfcURAs8GAJ9jdWTaOGMlZ2ZTsjotY9aH6gI+4QCfctvW
qTdiMpmNp6vNtXoWX/ydArk=
=P5w9
-----END PGP SIGNATURE-----

** Affects: asterisk (Ubuntu)
     Importance: Wishlist
         Status: Confirmed

-- 
Please sync asterisk 1:1.4.19.1~dfsg-1 (universe) from Debian unstable (main).
https://bugs.launchpad.net/bugs/236473
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.

More information about the ubuntu-archive mailing list