lp:ubuntu/lucid-security/asterisk
- Get this branch:
- bzr branch lp:ubuntu/lucid-security/asterisk
Branch merges
Related source package recipes
Branch information
Recent revisions
- 58. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code exection via
crafted UDPTL packet
- debian/patches/ AST-2011- 002-1.6. 2.diff: properly calculate lengths in
main/udptl.c.
- CVE-2011-1147
* SECURITY UPDATE: denial of service via manager session with invalid
data
- debian/patches/ AST-2011- 003-1.6. 2.diff: check for errors in
main/manager.c.
- CVE-2011-1174
* SECURITY UPDATE: denial of service via many short TLS sessions
- debian/patches/ AST-2011- 004-1.6. 2.diff: gracefully handle failures
in main/tcptls.c.
- CVE-2011-1175
* SECURITY UPDATE: denial of service via a series of TCP connections
- debian/patches/ AST-2011- 005-1.6. 2.diff: add timeouts and session
limits to main/manager.c, configs/manager. conf.sample,
channels/chan_sip. c, channels/ chan_skinny. c, main/http.c,
configs/{skinny, sip,http} .conf.sample.
- CVE-2011-1507
* SECURITY UPDATE: remote command execution via incomplete system
privilege check
- debian/patches/ AST-2011- 006-1.6. 2.diff: correctly check privileges in
main/manager.c.
- CVE-2011-1599
* SECURITY UPDATE: denial of service via crafted packet and SIP channel
driver
- debian/patches/ AST-2011- 008.diff: set proper length in
channels/chan_sip. c.
- CVE-2011-2529
* SECURITY UPDATE: denial of service and possible code execution via
IAX2 channel driver crafted frame
- debian/patches/ AST-2011- 010-1.6. 2.diff: validate options in
channels/chan_iax2. c, main/features.c.
- CVE-2011-2535
* SECURITY UPDATE: account name enumeration
- debian/patches/ AST-2011- 011-1.6. 2.diff: adjust responses in
channels/chan_sip. c.
- CVE-2011-2536 - 57. By Dave Walker
-
* SECURITY UPDATE: Stack buffer overflow in SIP channel driver. (LP: #705014)
- debian/patches/ AST-2011- 001-1.6. 2: The size of the output buffer passed
to the ast_uri_encode function is now properly respected in main/utils.c.
Patch courtesy of upstream.
- CVE-2011-0495 - 56. By Jean-Michel Dault
-
* New upstream bugfix release (1.6.2.5)
* Security Fixes:
- AST-2010-003: Invalid parsing of ACL rules can compromise security
- AST-2010-002: Dialplan injection vulnerability* Remaining Ubuntu-specific changes:
- debian/control: Build-depend on hardening-wrapper
- debian/rules: Make use of hardening-wrapper
- debian/control: Change Maintainer
- debian/control: Removed Uploaders field.
- debian/control: Removed Debian Vcs-Svn entry and replaced with
ubuntu-voip Vcs-Bzr, to reflect divergence in packages.
- debian/asterisk. init : chown /dev/dahdi
- debian/backports/ hardy : add file
- debian/backports/ asterisk. init.hardy : add file - 55. By Steve Beattie
-
debian/
{control, rules}: re-enable hardened options to gain PIE build
(Debian bug 542741, LP: #527538) - 54. By Jean-Michel Dault
-
* Merge from Debian: security update
* Changes:
- debian/control: Change Maintainer
- debian/control: Removed Uploaders field.
- debian/control: Removed Debian Vcs-Svn entry and replaced with
ubuntu-voip Vcs-Bzr, to reflect divergence in packages.
- debian/asterisk. init : chown /dev/dahdi
- debian/backports/ hardy : add file
- debian/backports/ asterisk. init.hardy : add file - 52. By Roberto D'Auria
-
[ Dave Walker (Daviey) ]
* SECURITY UPDATE: ACL not respected on SIP INVITE (LP: #491632).
- debian/patches/ AST-2009- 007: Additional check in channels/chan_sip.c to
check ACL for handling SIP INVITEs. This blocks calls on networks
intended to be prohibited, by configuration. Based on upstream patch.
- AST-2009-007
- CVE-2009-3723
* SECURITY UPDATE: SIP responses expose valid usernames (LP: #491637).
- debian/patches/ AST-2009- 008: Sanitise certain return of REGISTER message
to stop a specially crafted series of requests returning valid usernames.
Based on upstream patch.
- AST-2009-008
- CVE-2009-3727
* SECURITY UPDATE: RTP Remote Crash Vulnerability (LP: #493555).
- debian/patches/ AST-2009- 010: Stops Asterisk from crashing when an RTP
comfort noise payload containing 24 bytes or greater is recieved.
- AST-2009-010
- CVE-2009-4055[ Roberto D'Auria ]
* debian/patches/ iax2-heavy- traffic- fix: Stops asterisk crashing on
heavy traffic on iax2 channel, editing channels/chan_iax2. c.
Based on upstream patch. (LP: #501116) - 51. By Dave Walker
-
* New upstream version, upstream is now DFSG compliant.
- ilibc has been removed upstream.
- Music on Hold is now cc-by-sa.
- binary firmware iaxy.bin has been removed upstream.
* debian/rules: Santitised UPSTREAM variable for compatiability
with Ubuntu and other variants.
* debian/control: Removed Debian Vcs-Svn entry and replaced
with ubuntu-voip Vcs-Bzr, to reflect divergence in packages.
* patches/makefile_ appdocs_ dtd: Removed, merged upstream.
* patches/disable_ moh: Previosly disabled, removed from pool.
* patches/ubuntu- banner: Ported debian-banner to display Ubuntu
centric bug report information.
* Refresh quilt patches - 50. By Kees Cook
-
debian/
{control, rules}: enable hardened options to gain PIE build
(Debian bug 542741). - 49. By Jean-Michel Dault
-
* Merge from Debian.
- Lsb patches dropped: fixed upstream
- Patch for LP #350732 dropped: fixed upstream
* Added:
- Add support for web interface
- Don't enable voicetronix cards by default
- Chown /dev/dahdi in init script
- Add files for potential backports
- Change maintainer
- Standards version 3.8.3* Debian changes
[ Faidon Liambotis ]
* Fix FTBFS on armel. (Closes: #532971)[ Tzafrir Cohen ]
* New upstream beta.
* Patch hardware_dtmf_mute_ fix removed: Applied upstream.
* No need for a separate app_directory_odbc (will use app_voicemail_odbc).
* Fix name of voicemail 'openssl' dep. (Thomas Renard) (Closes: #539150)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/asterisk
