ubuntu/+source/asterisk:debian/jessie

Last commit made on 2018-06-23
Get this branch:
git clone -b debian/jessie https://git.launchpad.net/ubuntu/+source/asterisk
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
debian/jessie
Repository:
lp:ubuntu/+source/asterisk

Recent commits

114363d... by Tzafrir Cohen <email address hidden> on 2017-12-29

Import patches-unapplied version 1:11.13.1~dfsg-2+deb8u5 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 706a0e7d485841b61b9454d799456e90880a21bb

New changelog entries:
  * CVE-2017-17090 / /AST-2017-013: memory leak from chan_skinny
    (Closes: #883342).
  * Note: advisories AST-2017-009 - AST-2017-012 do not apply to asterisk 11
    (Closes: #881257, #881256).

706a0e7... by Bernhard Schmidt <email address hidden> on 2017-09-23

Import patches-unapplied version 1:11.13.1~dfsg-2+deb8u4 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: f2f0b2b57728c5d43fd6eb7b2d6f32782dee60ba

New changelog entries:
  * CVE-2017-14603 / AST-2017-008
    This is a follow-up for AST-2017-005: RTP/RTCP information leak
    improving robustness of the security fix and fixing a regression
    with re-INVITEs (Closes: #876328)
  * CVE-2017-14099 / AST-2017-005
    Media takeover in RTP stack ("RTP bleed") (Closes: #873907)
  * CVE-2017-14100 / AST-2017-006
    Shell access command injection in app_minivm (Closes: #873908)

f2f0b2b... by Bernhard Schmidt <email address hidden> on 2017-01-03

Import patches-unapplied version 1:11.13.1~dfsg-2+deb8u2 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: be241496b9ef5ef6fecfa7a46d43935aa249eb9a

New changelog entries:
  * AST-2016-009: non-printable ASCII chars treated as whitespace (CVE-2016-9938)
    (Closes: #847668)
  [ Tzafrir Cohen ]
  * Add a placeholder conf in manager.c (Closes: #776080)
  [ Bernhard Schmidt ]
  * AST-2016-007: Fix RTP Resource Exhaustion (CVE-2016-7551) (Closes: #838832)
  * AST-2015-003: Fix TLS Certificate Common name NULL byte exploit (CVE-2015-3008)
    (Closes: #782411)
  * AST-2016-003: Fix crash in UDPTL (CVE-2016-2232)
  * AST-2016-002: File descriptor exhaustion in chan_sip (CVE-2016-2316)
  * AST-2016-001: BEAST vulnerability in HTTP server (CVE-2011-3389)

be24149... by Tzafrir Cohen <email address hidden> on 2014-12-31

Import patches-unapplied version 1:11.13.1~dfsg-2 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 477c56f7eae913860c1207aa765dc9a32d4a5f20

New changelog entries:
  * New upstream release: fixes AST-2014-011 (CVE-2014-3566, POODLE).
  * Add a local gbp.conf for branch jessie
  * New patches for recent security issues (Closes: #771463):
    - AST-2014-012 (CVE-2014-8412): Mixed IP address families in ACLs
      may permit unwanted traffic
    - AST-2014-014 (CVE-2014-8414): High call load may result in hung
      channels in ConfBridge
    - AST-2014-017 (CVE-2014-8417): Mark CONFBRIDGE as a sensitive
      function for external APIs
    - AST-2014-018 (CVE-2014-8418): Mark DB as a sensitive function for
      external APIs
  * AST-2014-019.patch (CVE-2014-9374): Remote Crash Vulnerability in
    WebSocket Server (Closes: #773230).
  * sanity check to avoid changing the ABI hash.

477c56f... by Jeremy Lainé on 2014-09-26

Import patches-unapplied version 1:11.13.0~dfsg-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 0ae4df4ccb603e226a08ab4ca9ba4e54222aedcd

New changelog entries:
  * New upstream release.
    - Drop aelparse_manpage.patch and smsq_manpage.patch, fixed upstream.
  * Fix an out of bounds error in res_fax.c.
  * Allow res_calendar_ews to work with neon 0.30.x (Closes: #761677).
  * Build with all hardening options enabled.

0ae4df4... by Jeremy Lainé on 2014-09-22

Import patches-unapplied version 1:11.12.1~dfsg-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a96ab006284524a49f82b5ce502cbdd51baed401

New changelog entries:
  * New upstream security release, fixes:
    - AST-2014-010 a.k.a. CVE-2014-6610 (Closes: #762164).

a96ab00... by Jeremy Lainé on 2014-08-20

Import patches-unapplied version 1:11.12.0~dfsg-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: fec8aa51841df06f0653033425583b493ff3ed49

New changelog entries:
  * New upstream release.
    - Drop pbx_lua_regression patch, fixed upstream.
  * Make asterisk Provide asterisk-$$AST_BUILDOPT_SUM (Closes: #689109).

fec8aa5... by Jeremy Lainé on 2014-08-07

Import patches-unapplied version 1:11.11.0~dfsg-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f95c9c0dc1030481e5ed47b9ab146bf1e72d5b25

New changelog entries:
  * Fix loading lua modules from pbx_lua (Closes: #756425).
  * Ship the aelparse utility (Closes: #747866).

f95c9c0... by Jeremy Lainé on 2014-07-10

Import patches-unapplied version 1:11.11.0~dfsg-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ec9f22c5884066aa775368977e248b2903c06bb3

New changelog entries:
  * New upstream release.
    - Drop safe_asterisk-config and safe_asterisk-nobg patches, fixed upstream
      in bug ASTERISK-23492.
    - Update pjproject patch.
  * Remove svn-upgrade from watch file.

ec9f22c... by Jeremy Lainé on 2014-06-13

Import patches-unapplied version 1:11.10.2~dfsg-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 41c324131316a87b17af31800d86b10ccae2a052

New changelog entries:
  * New upstream security release, fixes:
    - AST-2014-006: Asterisk Manager User Unauthorized Shell Access
    - AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections