Branches for Natty

Author: Dave Walker
Revision Date: 2011-01-20 21:19:46 UTC

* SECURITY UPDATE: Stack buffer overflow in SIP channel driver. (LP: #705014)
  - debian/patches/AST-2011-001-1.6.2: The size of the output buffer passed
    to the ast_uri_encode function is now properly respected in main/utils.c.
    Patch courtesy of upstream.
  - CVE-2011-0495

Author: Marc Deslauriers
Revision Date: 2011-07-12 14:38:08 UTC

* SECURITY UPDATE: denial of service and possible code exection via
  crafted UDPTL packet
  - debian/patches/AST-2011-002-1.6.2.diff: properly calculate lengths in
    main/udptl.c.
  - CVE-2011-1147
* SECURITY UPDATE: denial of service via manager session with invalid
  data
  - debian/patches/AST-2011-003-1.6.2.diff: check for errors in
    main/manager.c.
  - CVE-2011-1174
* SECURITY UPDATE: denial of service via many short TLS sessions
  - debian/patches/AST-2011-004-1.6.2.diff: gracefully handle failures
    in main/tcptls.c.
  - CVE-2011-1175
* SECURITY UPDATE: denial of service via a series of TCP connections
  - debian/patches/AST-2011-005-1.6.2.diff: add timeouts and session
    limits to main/manager.c, configs/manager.conf.sample,
    channels/chan_sip.c, channels/chan_skinny.c, main/http.c,
    configs/{skinny,sip,http}.conf.sample.
  - CVE-2011-1507
* SECURITY UPDATE: remote command execution via incomplete system
  privilege check
  - debian/patches/AST-2011-006-1.6.2.diff: correctly check privileges in
    main/manager.c.
  - CVE-2011-1599
* SECURITY UPDATE: denial of service via crafted packet and SIP channel
  driver
  - debian/patches/AST-2011-008.diff: set proper length in
    channels/chan_sip.c.
  - CVE-2011-2529
* SECURITY UPDATE: denial of service and possible code execution via
  IAX2 channel driver crafted frame
  - debian/patches/AST-2011-010-1.6.2.diff: validate options in
    channels/chan_iax2.c, main/features.c.
  - CVE-2011-2535
* SECURITY UPDATE: account name enumeration
  - debian/patches/AST-2011-011-1.6.2.diff: adjust responses in
    channels/chan_sip.c.
  - CVE-2011-2536

Author: Marc Deslauriers
Revision Date: 2011-07-12 14:38:08 UTC

* SECURITY UPDATE: denial of service and possible code exection via
  crafted UDPTL packet
  - debian/patches/AST-2011-002-1.6.2.diff: properly calculate lengths in
    main/udptl.c.
  - CVE-2011-1147
* SECURITY UPDATE: denial of service via manager session with invalid
  data
  - debian/patches/AST-2011-003-1.6.2.diff: check for errors in
    main/manager.c.
  - CVE-2011-1174
* SECURITY UPDATE: denial of service via many short TLS sessions
  - debian/patches/AST-2011-004-1.6.2.diff: gracefully handle failures
    in main/tcptls.c.
  - CVE-2011-1175
* SECURITY UPDATE: denial of service via a series of TCP connections
  - debian/patches/AST-2011-005-1.6.2.diff: add timeouts and session
    limits to main/manager.c, configs/manager.conf.sample,
    channels/chan_sip.c, channels/chan_skinny.c, main/http.c,
    configs/{skinny,sip,http}.conf.sample.
  - CVE-2011-1507
* SECURITY UPDATE: remote command execution via incomplete system
  privilege check
  - debian/patches/AST-2011-006-1.6.2.diff: correctly check privileges in
    main/manager.c.
  - CVE-2011-1599
* SECURITY UPDATE: denial of service via crafted packet and SIP channel
  driver
  - debian/patches/AST-2011-008.diff: set proper length in
    channels/chan_sip.c.
  - CVE-2011-2529
* SECURITY UPDATE: denial of service and possible code execution via
  IAX2 channel driver crafted frame
  - debian/patches/AST-2011-010-1.6.2.diff: validate options in
    channels/chan_iax2.c, main/features.c.
  - CVE-2011-2535
* SECURITY UPDATE: account name enumeration
  - debian/patches/AST-2011-011-1.6.2.diff: adjust responses in
    channels/chan_sip.c.
  - CVE-2011-2536

Author: Dave Walker
Revision Date: 2011-01-20 21:20:56 UTC

* SECURITY UPDATE: Stack buffer overflow in SIP channel driver. (LP: #705014)
  - debian/patches/AST-2011-001-1.6.2: The size of the output buffer passed
    to the ast_uri_encode function is now properly respected in main/utils.c.
    Patch courtesy of upstream.
  - CVE-2011-0495