lp:debian/squeeze/asterisk

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

27. By Tzafrir Cohen <email address hidden> on 2013-12-20

* Backport of fixes in Asterisk 1.8.24.1 (Closes: #732355):
  - Patch AST-2013-006: fixes a buffer overflow in app_sms.
  - Patch AST-2013-007: guards access to code execution from remote interfaces
    - but patch out the change in asterisk.conf.
    - Patch ASTERISK-20658: fixes potential crash with asterisk-realtime

26. By Tzafrir Cohen <email address hidden> on 2013-08-29

* Patch AST-2013-004 (CVE-2013-5641): chan_sip: crash in ACK to SDP
* Patch AST-2013-005 (CVE-2013-5642): Fix crash caused by invalid SDP
  (Closes: #721220).
* Update VCS links.

25. By Tzafrir Cohen <email address hidden> on 2013-01-14

* Fix typo in patch AST-2012-015 (Closes: #698112, #698118).
* Fix an error in patch AST-2012-014 (Javier Serrano Polo).

24. By Tzafrir Cohen <email address hidden> on 2012-05-30

* Patch AST-2012-007 (CVE-2012-2947): Fix IAX receiving HOLD without
  suggested MOH class crash (Closes: #675204).
* Patch AST-2012-008 (CVE-2012-2948): remote crash issue in chan_skinny
  (Closes: #675210).
  - Patch skinny_fix_16040: A minor bugfix required to cleanly apply it.

23. By Tzafrir Cohen <email address hidden> on 2012-04-25

* Do include patch AST-2011-014.
* Quote pathes in postinst script: Closes: #656208 (Pocos).
* Patch AST-2012-002 Stack overflow in Milliwatt
  (CVE-2012-1183): Closes: #664411.
* Two extra patches: Closes: #670180:
  - Patch AST-2012-004 - further Manager permission fixes (CVE-2012-2414).
  - Patch AST-2012-005 - Heap overflow in chan_skinny (CVE-2012-2415).

22. By Tzafrir Cohen <email address hidden> on 2011-12-18

[ Kilian Krause ]
* Fix sporadic segfault in chan_sip.so (Closes: #630381).

[ Tzafrir Cohen ]
* Patch fix_bridging_crash: segfault in bridging API (Closes: #639821).
* README.Debian: clarify datadir pathes (regarding #628415).
* Patch AST-2011-014 (CVE-2011-4598) - Remote crash possibility with
  SIP and the “automon” feature enabled Closes: #651552.
  inapplicable to Lenny).
* Patch AST-2011-013 (CVE-2011-4597) : potential remote information
  disclosure.
  - The patch changeges the sample sip.conf . We change the sample
     config files, but not the files under /etc/asterisk .

21. By Tzafrir Cohen <email address hidden> on 2011-07-01

* Patch AST-2011-008 (CVE-2011-2529) - crash on a malformed SIP packet
 (Closes: 631446).
* Patch AST-2011-010 (CVE-2011-2535): crash due to dereferencing a remote
  pointer (closes: #631448).
* AST-2011-011 (CVE-2011-2536): Don't leak SIP username information
  (closes: #632029)

20. By Tzafrir Cohen <email address hidden> on 2011-04-23

* Patch AST-2011-002 (CVE-2011-1147): Multiple crash vulnerabilities in
  UDPTL code (Closes: #614580).
* Patch AST-2011-005 (CVE-2011-1507): Resource exhaustion in Asterisk
  Manager Interface.
* Patch AST-2011-005-p2: Resource exhaustion in chan_skinny and AJAM -
  second part of the above (Closes: #618790).
* Patch AST-2011-006: Check for "system" privilege in the manager interface
  (Closes: #623775).
* Patches AST-2011-003, manager_manager_bugfix_reload - its pre-requirements.
* Patch AST-2011-004: Remote crash vulnerability in TCP/TLS server
  (Closes: #618791).

19. By Faidon Liambotis on 2011-02-10

AST-2011-001/CVE-2011-0495: Stack buffer overflow in SIP channel driver
(Closes: #610487)

18. By Faidon Liambotis on 2010-09-07

[ Tzafrir Cohen ]
* Bump Standards version to 3.9.0 (no change needed).
* rtcp_cli_fix: Backport a silly CLI parsing issue. (Closes: #589736)
* Patch typos: fix a few typos in the source.
* Patch man_hyphen: fix hyphen/minus issues in man pages.
* Remove useless binaries aelparse, conf2ael and muted.

[ Faidon Liambotis ]
* Change the way that we read include files, to accommodate for changes
  in GCC 4.4. Taken from upstream's SVN, thanks to Peter Allgeyer for the
  patch and Stefan Bauer for preparing an upload. (Closes: #594190)
* Set urgency high for a squeeze-targetted RC bug-fixing upload.