Bug#704829: unblock: asterisk/1:1.8.13.1~dfsg-2
On Sat, 2013-04-06 at 16:39 +0300, Tzafrir Cohen wrote:
> Please unblock package asterisk. It includes a number of fixes, mostly
> two series of security fixes.
It includes a number of things that don't meet the published criteria,
which is far from ideal for an urgency=high upload at this point in the
freeze.
> The extra bug fixes are:
>
> 1. A simple fix to add support for powerpcspe
Architecture support isn't freeze material to begin with. Support for
architectures not even in Debian even more so. (I realise it's a tiny
patch; that's not really the point.)
> + * Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
> + - Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack
> + allocations when using TCP.
> + The following two fixes were also pulled in order to easily apply it:
> + - Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop
That patch is more than 30% of the diff on its own. :-(
How difficult would it have been to backport the fix to the code we have
in wheezy?
> + - Patch fix-sip-tls-leak - Memory leak in the SIP TLS code
> + - Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through
> + Exploitation of Device State Caching
> + * Patch powerpcspe: Fix OSARCH for powerpcspe (Closes: #701505).
> + * README.Debian: document running the testsuite.
Helpful as it might be, that could definitely have waited.
> + * Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272).
And that seems more like it might be stable update material now.
Regards,
Adam