Branches for Lucid

Name Status Last Modified Last Commit
lp:ubuntu/lucid-proposed/asterisk bug 2 Mature 2010-12-15 12:18:33 UTC 2010-12-15
58. debian/patches/unattended_fix: Fix at...

Author: Lionel Porcheron
Revision Date: 2010-12-06 16:56:12 UTC

debian/patches/unattended_fix: Fix attended transfer call in 1.2.6.5
Patch based on Asterisk project's upstream patch (between 1.2.6.5 and
1.2.6.6 where issue is declared to be fixed see issue 16816 on Asterisk
bug tracker). (LP: #686625)

lp:ubuntu/lucid-security/asterisk bug 2 Mature 2011-07-12 15:49:26 UTC 2011-07-12
58. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2011-07-12 15:49:26 UTC

* SECURITY UPDATE: denial of service and possible code exection via
  crafted UDPTL packet
  - debian/patches/AST-2011-002-1.6.2.diff: properly calculate lengths in
    main/udptl.c.
  - CVE-2011-1147
* SECURITY UPDATE: denial of service via manager session with invalid
  data
  - debian/patches/AST-2011-003-1.6.2.diff: check for errors in
    main/manager.c.
  - CVE-2011-1174
* SECURITY UPDATE: denial of service via many short TLS sessions
  - debian/patches/AST-2011-004-1.6.2.diff: gracefully handle failures
    in main/tcptls.c.
  - CVE-2011-1175
* SECURITY UPDATE: denial of service via a series of TCP connections
  - debian/patches/AST-2011-005-1.6.2.diff: add timeouts and session
    limits to main/manager.c, configs/manager.conf.sample,
    channels/chan_sip.c, channels/chan_skinny.c, main/http.c,
    configs/{skinny,sip,http}.conf.sample.
  - CVE-2011-1507
* SECURITY UPDATE: remote command execution via incomplete system
  privilege check
  - debian/patches/AST-2011-006-1.6.2.diff: correctly check privileges in
    main/manager.c.
  - CVE-2011-1599
* SECURITY UPDATE: denial of service via crafted packet and SIP channel
  driver
  - debian/patches/AST-2011-008.diff: set proper length in
    channels/chan_sip.c.
  - CVE-2011-2529
* SECURITY UPDATE: denial of service and possible code execution via
  IAX2 channel driver crafted frame
  - debian/patches/AST-2011-010-1.6.2.diff: validate options in
    channels/chan_iax2.c, main/features.c.
  - CVE-2011-2535
* SECURITY UPDATE: account name enumeration
  - debian/patches/AST-2011-011-1.6.2.diff: adjust responses in
    channels/chan_sip.c.
  - CVE-2011-2536

lp:ubuntu/lucid-updates/asterisk 2 Mature 2011-07-12 15:49:26 UTC 2011-07-12
58. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2011-07-12 15:49:26 UTC

* SECURITY UPDATE: denial of service and possible code exection via
  crafted UDPTL packet
  - debian/patches/AST-2011-002-1.6.2.diff: properly calculate lengths in
    main/udptl.c.
  - CVE-2011-1147
* SECURITY UPDATE: denial of service via manager session with invalid
  data
  - debian/patches/AST-2011-003-1.6.2.diff: check for errors in
    main/manager.c.
  - CVE-2011-1174
* SECURITY UPDATE: denial of service via many short TLS sessions
  - debian/patches/AST-2011-004-1.6.2.diff: gracefully handle failures
    in main/tcptls.c.
  - CVE-2011-1175
* SECURITY UPDATE: denial of service via a series of TCP connections
  - debian/patches/AST-2011-005-1.6.2.diff: add timeouts and session
    limits to main/manager.c, configs/manager.conf.sample,
    channels/chan_sip.c, channels/chan_skinny.c, main/http.c,
    configs/{skinny,sip,http}.conf.sample.
  - CVE-2011-1507
* SECURITY UPDATE: remote command execution via incomplete system
  privilege check
  - debian/patches/AST-2011-006-1.6.2.diff: correctly check privileges in
    main/manager.c.
  - CVE-2011-1599
* SECURITY UPDATE: denial of service via crafted packet and SIP channel
  driver
  - debian/patches/AST-2011-008.diff: set proper length in
    channels/chan_sip.c.
  - CVE-2011-2529
* SECURITY UPDATE: denial of service and possible code execution via
  IAX2 channel driver crafted frame
  - debian/patches/AST-2011-010-1.6.2.diff: validate options in
    channels/chan_iax2.c, main/features.c.
  - CVE-2011-2535
* SECURITY UPDATE: account name enumeration
  - debian/patches/AST-2011-011-1.6.2.diff: adjust responses in
    channels/chan_sip.c.
  - CVE-2011-2536

lp:~davewalker/ubuntu/lucid/asterisk/lp605358 bug(Has a merge proposal) 1 Development 2010-07-16 10:15:05 UTC 2010-07-16
59. Added .pc quilt meta files for comple...

Author: Dave Walker
Revision Date: 2010-07-16 10:15:05 UTC

Added .pc quilt meta files for completness

lp:~davewalker/ubuntu/lucid/asterisk/lp_705014 bug(Has a merge proposal) 1 Development 2011-01-20 23:36:35 UTC 2011-01-20
59. * SECURITY UPDATE: Stack buffer overf...

Author: Dave Walker
Revision Date: 2011-01-20 23:33:45 UTC

* SECURITY UPDATE: Stack buffer overflow in SIP channel driver. (LP: #705014)
  - debian/patches/AST-2011-001-1.6.2: The size of the output buffer passed
    to the ast_uri_encode function is now properly respected in main/utils.c.
    Patch courtesy of upstream.
  - CVE-2011-0495

lp:~sbeattie/ubuntu/lucid/asterisk/reenable-hardening bug 1 Development 2010-03-02 19:15:38 UTC 2010-03-02
55. debian/{control,rules}: re-enable har...

Author: Steve Beattie
Revision Date: 2010-03-02 19:08:36 UTC

debian/{control,rules}: re-enable hardened options to gain PIE build
(Debian bug 542741, LP: #527538)

lp:ubuntu/lucid/asterisk bug 1 Development 2010-04-13 16:27:27 UTC 2010-04-13
56. * New upstream bugfix release (1.6.2....

Author: Jean-Michel Dault
Revision Date: 2010-04-13 16:27:27 UTC

* New upstream bugfix release (1.6.2.5)
 * Security Fixes:
  - AST-2010-003: Invalid parsing of ACL rules can compromise security
  - AST-2010-002: Dialplan injection vulnerability

* Remaining Ubuntu-specific changes:
  - debian/control: Build-depend on hardening-wrapper
  - debian/rules: Make use of hardening-wrapper
  - debian/control: Change Maintainer
  - debian/control: Removed Uploaders field.
  - debian/control: Removed Debian Vcs-Svn entry and replaced with
      ubuntu-voip Vcs-Bzr, to reflect divergence in packages.
  - debian/asterisk.init : chown /dev/dahdi
  - debian/backports/hardy : add file
  - debian/backports/asterisk.init.hardy : add file

17 of 7 results