diff -u asterisk-1.2.16~dfsg/debian/changelog asterisk-1.2.16~dfsg/debian/changelog
--- asterisk-1.2.16~dfsg/debian/changelog
+++ asterisk-1.2.16~dfsg/debian/changelog
@@ -1,3 +1,12 @@
+asterisk (1:1.2.16~dfsg-1ubuntu3.1) feisty-security; urgency=low
+
+ * SECURITY UPDATE: Fix ASA-2007-011 and ASA-2007-012
+ * References:
+ http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053967.html
+ http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053968.html
+
+ -- Martin Jürgens Sat, 28 Apr 2007 14:34:02 +0200
+
 asterisk (1:1.2.16~dfsg-1ubuntu3) feisty; urgency=low

 * SECURITY UPDATE: Fix SIP DoS vulnerability
diff -u asterisk-1.2.16~dfsg/debian/patches/00list asterisk-1.2.16~dfsg/debian/patches/00list
--- asterisk-1.2.16~dfsg/debian/patches/00list
+++ asterisk-1.2.16~dfsg/debian/patches/00list
@@ -26,0 +27 @@
+ASA-2007-011+012.dpatch
only in patch2:
unchanged:
--- asterisk-1.2.16~dfsg.orig/debian/patches/ASA-2007-011+012.dpatch
+++ asterisk-1.2.16~dfsg/debian/patches/ASA-2007-011+012.dpatch
@@ -0,0 +1,50 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## ASA-2007-011+012.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad asterisk-1.2.16~dfsg~/channels/chan_sip.c asterisk-1.2.16~dfsg/channels/chan_sip.c
+--- asterisk-1.2.16~dfsg~/channels/chan_sip.c 2007-04-28 14:37:16.000000000 +0200
++++ asterisk-1.2.16~dfsg/channels/chan_sip.c 2007-04-28 14:37:41.000000000 +0200
+@@ -11275,16 +11275,16 @@
+ /* ignore means "don't do anything with it" but still have to
+ respond appropriately */
+ ignore=1;
+- }
+-
+- e = ast_skip_blanks(e);
+- if (sscanf(e, "%d %n", &respid, &len) != 1) {
+- ast_log(LOG_WARNING, "Invalid response: '%s'\n", e);
+- } else {
+- /* More SIP ridiculousness, we have to ignore bogus contacts in 100 etc responses */
+- if ((respid == 200) || ((respid >= 300) && (respid <= 399)))
+- extract_uri(p, req);
+- handle_response(p, respid, e + len, req, ignore, seqno);
++ } else if (e) {
++ e = ast_skip_blanks(e);
++ if (sscanf(e, "%d %n", &respid, &len) != 1) {
++ ast_log(LOG_WARNING, "Invalid response: '%s'\n", e);
++ } else {
++ /* More SIP ridiculousness, we have to ignore bogus contacts in 100 etc responses */
++ if ((respid == 200) || ((respid >= 300) && (respid <= 399)))
++ extract_uri(p, req);
++ handle_response(p, respid, e + len, req, ignore, seqno);
++ }
+ }
+ return 0;
+ }
+diff -urNad asterisk-1.2.16~dfsg~/manager.c asterisk-1.2.16~dfsg/manager.c
+--- asterisk-1.2.16~dfsg~/manager.c 2007-02-06 07:58:28.000000000 +0100
++++ asterisk-1.2.16~dfsg/manager.c 2007-04-28 14:38:14.000000000 +0200
+@@ -533,7 +533,8 @@
+ } else if (ha)
+ ast_free_ha(ha);
+ if (!strcasecmp(authtype, "MD5")) {
+- if (!ast_strlen_zero(key) && s->challenge) {
++ if (!ast_strlen_zero(key) &&
++ !ast_strlen_zero(s->challenge) && !ast_strlen_zero(password)) {
+ int x;
+ int len=0;
+ char md5key[256] = "";
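Review bot: The new `} else if (e) {` in the chan_sip.c part is chained onto the branch that sets `ignore=1`, so a response taking that branch no longer reaches `sscanf`/`handle_response` at all, whereas the removed code parsed it and passed `ignore` through; the comment above still says the response has to be answered appropriately. If the intent is only to guard against a NULL `e`, closing the chain first would keep the old behaviour: `}` followed by a separate `if (e) {`. The start of the if/else chain and of the enclosing function is outside the hunk, so confirm whether dropping these responses is intended before relying on it. The dpatch header also still reads `## DP: No description.`; naming ASA-2007-011 and ASA-2007-012 there would make the patch self-describing.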