[Bug 1205644] Re: Merge asterisk 1:1.8.13.1~dfsg-3 (universe) from Debian unstable (main)

Launchpad Bug Tracker 1205644 at bugs.launchpad.net
Tue Jul 30 12:42:47 UTC 2013


** Branch linked: lp:ubuntu/saucy-proposed/asterisk

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1205644

Title:
  Merge asterisk 1:1.8.13.1~dfsg-3 (universe) from Debian unstable
  (main)

Status in “asterisk” package in Ubuntu:
  New

Bug description:
  asterisk (1:1.8.13.1~dfsg-3) unstable; urgency=high

    * Rewrtote sip.conf parts of AST-2012-014: dropped patches
      fix-sip-tcp-no-FILE and fix-sip-tls-leak.
    * Reverting other changes rejected by the release team: README.Debian,
      powerpcspe and fix_xmpp_19532 dropped (#545272 and #701505 reopened).

   -- Tzafrir Cohen <tzafrir at debian.org>  Tue, 09 Apr 2013 13:23:07
  +0300

  asterisk (1:1.8.13.1~dfsg-2) unstable; urgency=high

    * Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
      - Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack
        allocations when using TCP.
        The following two fixes were also pulled in order to easily apply it:
        - Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop
        - Patch fix-sip-tls-leak - Memory leak in the SIP TLS code
      - Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through
        Exploitation of Device State Caching
    * Patch powerpcspe: Fix OSARCH for powerpcspe (Closes: #701505).
    * README.Debian: document running the testsuite. 
    * Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272).
    * Patches backported from Asterisk 1.8.20.2 (Closes: #704114):
      - Patch AST-2013-002 (CVE-2013-2686): Prevent DoS in HTTP server with
        a large POST.
      - Patch AST-2013-003 (CVE-2013-2264): Prevent username disclosure in
        SIP channel driver.
    * Patch bluetooth_bind - fix breakage of chan_mobile (Closes: #614786).

   -- Tzafrir Cohen <tzafrir at debian.org>  Sat, 06 Apr 2013 14:15:41
  +0300

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1205644/+subscriptions



More information about the Ubuntu-sponsors mailing list