Accepted asterisk 1:1.2.13~dfsg-2etch1 (source all i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 21 Aug 2007 06:21:00 +0300
Source: asterisk
Binary: asterisk-h323 asterisk-web-vmail asterisk asterisk-classic asterisk-dev asterisk-doc asterisk-sounds-main asterisk-bristuff asterisk-config
Architecture: source all i386
Version: 1:1.2.13~dfsg-2etch1
Distribution: stable-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Faidon Liambotis <paravoid@debian.org>
Description:
asterisk - Open Source Private Branch Exchange (PBX)
asterisk-bristuff - Open Source Private Branch Exchange (PBX) - BRIstuff-enabled vers
asterisk-classic - Open Source Private Branch Exchange (PBX) - original Digium versi
asterisk-config - config files for asterisk
asterisk-dev - development files for asterisk
asterisk-doc - documentation for asterisk
asterisk-h323 - asterisk H.323 VoIP channel
asterisk-sounds-main - sound files for asterisk
asterisk-web-vmail - Web-based (CGI) voice mail interface for Asterisk
Changes:
asterisk (1:1.2.13~dfsg-2etch1) stable-security; urgency=high
.
* Add myself to Uploaders to mark this as a maintainer upload.
* Multiple upstream security fixes:
- channels/chan_sip.c: If a SIP message comes in and goes to a method
handler that requires additional values that may not be present then
send back an error. (CVE-2007-1306)
- channels/chan_sip.c: fix bug that allows remote attackers to cause a
denial of service (crash) via a SIP INVITE message with an SDP
containing one valid and one invalid IP address. (CVE-2007-1561)
- channels/chan_sip.c: Only try to handle a response if it has a response
code. (ASA-2007-011, CVE-2007-1594, CVE-2007-2297)
- manager.c: Don't crash if a manager connection provides a username that
exists in manager.conf but does not have a password, and also requests
MD5 authentication. (ASA-2007-012, CVE-2007-2294)
- channels/iax2-parser.h, channels/chan_iax2.c, channels/iax2-parser.c:
Ensure that when encoding the contents of an ast_frame into an iax_frame,
that the size of the destination buffer is known in the iax_frame so that
code won't write past the end of the allocated buffer when sending
outgoing frames. (ASA-2007-014, CVE-2007-3762)
- channels/chan_iax2.c: if a text frame is sent with no terminating NULL
through a bridged IAX connection, the remote end will receive garbage
characters tacked onto the end. (CVE-2007-2488)
- channels/chan_iax2.c: After parsing information elements in IAX frames,
set the data length to zero, so that code later on does not think it has
data to copy. (ASA-2007-015, CVE-2007-3763)
- channels/chan_skinny.c: Properly check for the length in the skinny packet
to prevent an invalid memcpy. (ASA-2007-016, CVE-2007-3764)
* i386 binary packages in etch were unfortunately compiled in an unclean
chroot with libsqlite3-dev present and provide a feature based on that.
Added a build dependency on that package to avoid regressions on a security
upload.
Files:
97a08cc08f7a14f50af5583f6cfaae89 1488 comm optional asterisk_1.2.13~dfsg-2etch1.dsc
f8ee088b2e4feffe2b35d78079f90b69 3835589 comm optional asterisk_1.2.13~dfsg.orig.tar.gz
b99340fd02758c851c28ae1e3c955d42 178578 comm optional asterisk_1.2.13~dfsg-2etch1.diff.gz
d90b1991d6afd624e9f31668ef018587 146440 comm optional asterisk_1.2.13~dfsg-2etch1_all.deb
23be47715b380082a03a35d8805a6211 1499930 doc optional asterisk-doc_1.2.13~dfsg-2etch1_all.deb
3f0386aaaad741f88b25ec997e7af8dd 169902 devel optional asterisk-dev_1.2.13~dfsg-2etch1_all.deb
e4ad12dc4a65fd9eaf8a58efc4def422 1504542 comm optional asterisk-sounds-main_1.2.13~dfsg-2etch1_all.deb
6feb2b37089d8f828130cc21c8e79625 73698 comm optional asterisk-web-vmail_1.2.13~dfsg-2etch1_all.deb
53dd0cd1001f4e78b2b2016773d60e5c 131626 comm optional asterisk-config_1.2.13~dfsg-2etch1_all.deb
f70eb637297095022cdbd859bddd8376 1615580 comm optional asterisk-classic_1.2.13~dfsg-2etch1_i386.deb
a4e6285b3a8859f93a52121468429ad3 1648860 comm optional asterisk-bristuff_1.2.13~dfsg-2etch1_i386.deb
76b1d7e76d2baae5857aa56a09e87652 130820 comm optional asterisk-h323_1.2.13~dfsg-2etch1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGzJtiVty5d8XpUzMRAjjBAJ4heaOn9mjl724QqRLM67hMaNVJWgCfRnoP
Kr4+2zefsERuzV2ZJdniOtI=
=eCWV
-----END PGP SIGNATURE-----
Accepted:
asterisk-bristuff_1.2.13~dfsg-2etch1_i386.deb
to pool/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch1_i386.deb
asterisk-classic_1.2.13~dfsg-2etch1_i386.deb
to pool/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch1_i386.deb
asterisk-config_1.2.13~dfsg-2etch1_all.deb
to pool/main/a/asterisk/asterisk-config_1.2.13~dfsg-2etch1_all.deb
asterisk-dev_1.2.13~dfsg-2etch1_all.deb
to pool/main/a/asterisk/asterisk-dev_1.2.13~dfsg-2etch1_all.deb
asterisk-doc_1.2.13~dfsg-2etch1_all.deb
to pool/main/a/asterisk/asterisk-doc_1.2.13~dfsg-2etch1_all.deb
asterisk-h323_1.2.13~dfsg-2etch1_i386.deb
to pool/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch1_i386.deb
asterisk-sounds-main_1.2.13~dfsg-2etch1_all.deb
to pool/main/a/asterisk/asterisk-sounds-main_1.2.13~dfsg-2etch1_all.deb
asterisk-web-vmail_1.2.13~dfsg-2etch1_all.deb
to pool/main/a/asterisk/asterisk-web-vmail_1.2.13~dfsg-2etch1_all.deb
asterisk_1.2.13~dfsg-2etch1.diff.gz
to pool/main/a/asterisk/asterisk_1.2.13~dfsg-2etch1.diff.gz
asterisk_1.2.13~dfsg-2etch1.dsc
to pool/main/a/asterisk/asterisk_1.2.13~dfsg-2etch1.dsc
asterisk_1.2.13~dfsg-2etch1_all.deb
to pool/main/a/asterisk/asterisk_1.2.13~dfsg-2etch1_all.deb
Reply to: