
Accepted asterisk 1:1.2.13~dfsg-2etch1 (source all i386)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 21 Aug 2007 06:21:00 +0300
Source: asterisk
Binary: asterisk-h323 asterisk-web-vmail asterisk asterisk-classic asterisk-dev asterisk-doc asterisk-sounds-main asterisk-bristuff asterisk-config
Architecture: source all i386
Version: 1:1.2.13~dfsg-2etch1
Distribution: stable-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Faidon Liambotis <paravoid@debian.org>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-bristuff - Open Source Private Branch Exchange (PBX) - BRIstuff-enabled vers
 asterisk-classic - Open Source Private Branch Exchange (PBX) - original Digium versi
 asterisk-config - config files for asterisk
 asterisk-dev - development files for asterisk
 asterisk-doc - documentation for asterisk
 asterisk-h323 - asterisk H.323 VoIP channel
 asterisk-sounds-main - sound files for asterisk
 asterisk-web-vmail - Web-based (CGI) voice mail interface for Asterisk
Changes: 
 asterisk (1:1.2.13~dfsg-2etch1) stable-security; urgency=high
 .
   * Add myself to Uploaders to mark this as a maintainer upload.
   * Multiple upstream security fixes:
     - channels/chan_sip.c: If a SIP message comes in and goes to a method
       handler that requires additional values that may not be present then
       send back an error. (CVE-2007-1306)
     - channels/chan_sip.c: fix bug that allows remote attackers to cause a
       denial of service (crash) via a SIP INVITE message with an SDP
       containing one valid and one invalid IP address. (CVE-2007-1561)
     - channels/chan_sip.c: Only try to handle a response if it has a response
       code. (ASA-2007-011, CVE-2007-1594, CVE-2007-2297)
     - manager.c: Don't crash if a manager connection provides a username that
       exists in manager.conf but does not have a password, and also requests
       MD5 authentication. (ASA-2007-012, CVE-2007-2294)
     - channels/iax2-parser.h, channels/chan_iax2.c, channels/iax2-parser.c:
       Ensure that when encoding the contents of an ast_frame into an iax_frame,
       that the size of the destination buffer is known in the iax_frame so that
       code won't write past the end of the allocated buffer when sending
       outgoing frames. (ASA-2007-014, CVE-2007-3762)
     - channels/chan_iax2.c: if a text frame is sent with no terminating NULL
       through a bridged IAX connection, the remote end will receive garbage
       characters tacked onto the end. (CVE-2007-2488)
     - channels/chan_iax2.c: After parsing information elements in IAX frames,
       set the data length to zero, so that code later on does not think it has
       data to copy. (ASA-2007-015, CVE-2007-3763)
     - channels/chan_skinny.c: Properly check for the length in the skinny packet
       to prevent an invalid memcpy. (ASA-2007-016, CVE-2007-3764)
   * i386 binary packages in etch were unfortunately compiled in an unclean
     chroot with libsqlite3-dev present and provide a feature based on that.
     Added a build dependency on that package to avoid regressions on a security
     upload.
Files: 
 97a08cc08f7a14f50af5583f6cfaae89 1488 comm optional asterisk_1.2.13~dfsg-2etch1.dsc
 f8ee088b2e4feffe2b35d78079f90b69 3835589 comm optional asterisk_1.2.13~dfsg.orig.tar.gz
 b99340fd02758c851c28ae1e3c955d42 178578 comm optional asterisk_1.2.13~dfsg-2etch1.diff.gz
 d90b1991d6afd624e9f31668ef018587 146440 comm optional asterisk_1.2.13~dfsg-2etch1_all.deb
 23be47715b380082a03a35d8805a6211 1499930 doc optional asterisk-doc_1.2.13~dfsg-2etch1_all.deb
 3f0386aaaad741f88b25ec997e7af8dd 169902 devel optional asterisk-dev_1.2.13~dfsg-2etch1_all.deb
 e4ad12dc4a65fd9eaf8a58efc4def422 1504542 comm optional asterisk-sounds-main_1.2.13~dfsg-2etch1_all.deb
 6feb2b37089d8f828130cc21c8e79625 73698 comm optional asterisk-web-vmail_1.2.13~dfsg-2etch1_all.deb
 53dd0cd1001f4e78b2b2016773d60e5c 131626 comm optional asterisk-config_1.2.13~dfsg-2etch1_all.deb
 f70eb637297095022cdbd859bddd8376 1615580 comm optional asterisk-classic_1.2.13~dfsg-2etch1_i386.deb
 a4e6285b3a8859f93a52121468429ad3 1648860 comm optional asterisk-bristuff_1.2.13~dfsg-2etch1_i386.deb
 76b1d7e76d2baae5857aa56a09e87652 130820 comm optional asterisk-h323_1.2.13~dfsg-2etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGzJtiVty5d8XpUzMRAjjBAJ4heaOn9mjl724QqRLM67hMaNVJWgCfRnoP
Kr4+2zefsERuzV2ZJdniOtI=
=eCWV
-----END PGP SIGNATURE-----


Accepted:
asterisk-bristuff_1.2.13~dfsg-2etch1_i386.deb
  to pool/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch1_i386.deb
asterisk-classic_1.2.13~dfsg-2etch1_i386.deb
  to pool/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch1_i386.deb
asterisk-config_1.2.13~dfsg-2etch1_all.deb
  to pool/main/a/asterisk/asterisk-config_1.2.13~dfsg-2etch1_all.deb
asterisk-dev_1.2.13~dfsg-2etch1_all.deb
  to pool/main/a/asterisk/asterisk-dev_1.2.13~dfsg-2etch1_all.deb
asterisk-doc_1.2.13~dfsg-2etch1_all.deb
  to pool/main/a/asterisk/asterisk-doc_1.2.13~dfsg-2etch1_all.deb
asterisk-h323_1.2.13~dfsg-2etch1_i386.deb
  to pool/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch1_i386.deb
asterisk-sounds-main_1.2.13~dfsg-2etch1_all.deb
  to pool/main/a/asterisk/asterisk-sounds-main_1.2.13~dfsg-2etch1_all.deb
asterisk-web-vmail_1.2.13~dfsg-2etch1_all.deb
  to pool/main/a/asterisk/asterisk-web-vmail_1.2.13~dfsg-2etch1_all.deb
asterisk_1.2.13~dfsg-2etch1.diff.gz
  to pool/main/a/asterisk/asterisk_1.2.13~dfsg-2etch1.diff.gz
asterisk_1.2.13~dfsg-2etch1.dsc
  to pool/main/a/asterisk/asterisk_1.2.13~dfsg-2etch1.dsc
asterisk_1.2.13~dfsg-2etch1_all.deb
  to pool/main/a/asterisk/asterisk_1.2.13~dfsg-2etch1_all.deb


