Merge asterisk 1:1.8.13.1~dfsg-3 (universe) from Debian unstable (main)
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| asterisk (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
asterisk (1:1.8.13.1~dfsg-3) unstable; urgency=high
* Rewrtote sip.conf parts of AST-2012-014: dropped patches
fix-
* Reverting other changes rejected by the release team: README.Debian,
powerpcspe and fix_xmpp_19532 dropped (#545272 and #701505 reopened).
-- Tzafrir Cohen <email address hidden> Tue, 09 Apr 2013 13:23:07 +0300
asterisk (1:1.8.13.1~dfsg-2) unstable; urgency=high
* Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
- Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack
allocations when using TCP.
The following two fixes were also pulled in order to easily apply it:
- Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop
- Patch fix-sip-tls-leak - Memory leak in the SIP TLS code
- Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through
Exploitation of Device State Caching
* Patch powerpcspe: Fix OSARCH for powerpcspe (Closes: #701505).
* README.Debian: document running the testsuite.
* Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272).
* Patches backported from Asterisk 1.8.20.2 (Closes: #704114):
- Patch AST-2013-002 (CVE-2013-2686): Prevent DoS in HTTP server with
a large POST.
- Patch AST-2013-003 (CVE-2013-2264): Prevent username disclosure in
SIP channel driver.
* Patch bluetooth_bind - fix breakage of chan_mobile (Closes: #614786).
-- Tzafrir Cohen <email address hidden> Sat, 06 Apr 2013 14:15:41 +0300
Related branches
- Daniel Holbach (community): Approve
-
Diff: 1735 lines (+1684/-2)8 files modifieddebian/changelog (+49/-0)
debian/patches/AST-2012-014 (+162/-0)
debian/patches/AST-2012-015 (+1012/-0)
debian/patches/AST-2013-002 (+55/-0)
debian/patches/AST-2013-003 (+370/-0)
debian/patches/armhf-fixes (+1/-2)
debian/patches/bluetooth_bind (+30/-0)
debian/patches/series (+5/-0)
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in asterisk (Ubuntu): | |
| status: | New → Fix Released |
This bug was fixed in the package asterisk - 1:1.8.13.
---------------
asterisk (1:1.8.
* Merge from Debian unstable. (LP: #1205644) Remaining changes:
- debian/
+ chown /dev/dahdi
- debian/control, debian/rules:
+ Enable Hardening Wrapper (PIE and BIND_NOW).
+ Build against libical 1.0.
- debian/
+ Fix FTBFS on armhf.
* Fixed security issues:
- CVE-2012-5976 (LP: #1097687)
- CVE-2012-5977 (LP: #1097691)
- CVE-2013-2686
- CVE-2013-2264
asterisk (1:1.8.13.1~dfsg-3) unstable; urgency=high
* Rewrtote sip.conf parts of AST-2012-014: dropped patches
fix-
* Reverting other changes rejected by the release team: README.Debian,
powerpcspe and fix_xmpp_19532 dropped (#545272 and #701505 reopened).
asterisk (1:1.8.13.1~dfsg-2) unstable; urgency=high
* Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
- Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack
allocations when using TCP.
The following two fixes were also pulled in order to easily apply it:
- Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop
- Patch fix-sip-tls-leak - Memory leak in the SIP TLS code
- Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through
Exploitation of Device State Caching
* Patch powerpcspe: Fix OSARCH for powerpcspe (Closes: #701505).
* README.Debian: document running the testsuite.
* Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272).
* Patches backported from Asterisk 1.8.20.2 (Closes: #704114):
- Patch AST-2013-002 (CVE-2013-2686): Prevent DoS in HTTP server with
a large POST.
- Patch AST-2013-003 (CVE-2013-2264): Prevent username disclosure in
SIP channel driver.
* Patch bluetooth_bind - fix breakage of chan_mobile (Closes: #614786).
-- Artur Rona <email address hidden> Sat, 27 Jul 2013 14:56:17 +0200