Merge asterisk 1:1.8.13.1~dfsg-3 (universe) from Debian unstable (main)

Bug #1205644 reported by Artur Rona on 2013-07-27
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
asterisk (Ubuntu)
Undecided
Unassigned

Bug Description

asterisk (1:1.8.13.1~dfsg-3) unstable; urgency=high

  * Rewrtote sip.conf parts of AST-2012-014: dropped patches
    fix-sip-tcp-no-FILE and fix-sip-tls-leak.
  * Reverting other changes rejected by the release team: README.Debian,
    powerpcspe and fix_xmpp_19532 dropped (#545272 and #701505 reopened).

 -- Tzafrir Cohen <email address hidden> Tue, 09 Apr 2013 13:23:07 +0300

asterisk (1:1.8.13.1~dfsg-2) unstable; urgency=high

  * Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
    - Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack
      allocations when using TCP.
      The following two fixes were also pulled in order to easily apply it:
      - Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop
      - Patch fix-sip-tls-leak - Memory leak in the SIP TLS code
    - Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through
      Exploitation of Device State Caching
  * Patch powerpcspe: Fix OSARCH for powerpcspe (Closes: #701505).
  * README.Debian: document running the testsuite.
  * Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272).
  * Patches backported from Asterisk 1.8.20.2 (Closes: #704114):
    - Patch AST-2013-002 (CVE-2013-2686): Prevent DoS in HTTP server with
      a large POST.
    - Patch AST-2013-003 (CVE-2013-2264): Prevent username disclosure in
      SIP channel driver.
  * Patch bluetooth_bind - fix breakage of chan_mobile (Closes: #614786).

 -- Tzafrir Cohen <email address hidden> Sat, 06 Apr 2013 14:15:41 +0300

Related branches

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package asterisk - 1:1.8.13.1~dfsg-3ubuntu1

---------------
asterisk (1:1.8.13.1~dfsg-3ubuntu1) saucy; urgency=low

  * Merge from Debian unstable. (LP: #1205644) Remaining changes:
    - debian/asterisk.init:
      + chown /dev/dahdi
    - debian/control, debian/rules:
      + Enable Hardening Wrapper (PIE and BIND_NOW).
      + Build against libical 1.0.
    - debian/patches/armhf-fixes:
      + Fix FTBFS on armhf.
  * Fixed security issues:
    - CVE-2012-5976 (LP: #1097687)
    - CVE-2012-5977 (LP: #1097691)
    - CVE-2013-2686
    - CVE-2013-2264

asterisk (1:1.8.13.1~dfsg-3) unstable; urgency=high

  * Rewrtote sip.conf parts of AST-2012-014: dropped patches
    fix-sip-tcp-no-FILE and fix-sip-tls-leak.
  * Reverting other changes rejected by the release team: README.Debian,
    powerpcspe and fix_xmpp_19532 dropped (#545272 and #701505 reopened).

asterisk (1:1.8.13.1~dfsg-2) unstable; urgency=high

  * Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
    - Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack
      allocations when using TCP.
      The following two fixes were also pulled in order to easily apply it:
      - Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop
      - Patch fix-sip-tls-leak - Memory leak in the SIP TLS code
    - Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through
      Exploitation of Device State Caching
  * Patch powerpcspe: Fix OSARCH for powerpcspe (Closes: #701505).
  * README.Debian: document running the testsuite.
  * Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272).
  * Patches backported from Asterisk 1.8.20.2 (Closes: #704114):
    - Patch AST-2013-002 (CVE-2013-2686): Prevent DoS in HTTP server with
      a large POST.
    - Patch AST-2013-003 (CVE-2013-2264): Prevent username disclosure in
      SIP channel driver.
  * Patch bluetooth_bind - fix breakage of chan_mobile (Closes: #614786).
 -- Artur Rona <email address hidden> Sat, 27 Jul 2013 14:56:17 +0200

Changed in asterisk (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers