Comment 15 for bug 345217

Jamie Strandboge (jdstrand) wrote :

asterisk (1:1.4.17~dfsg-2ubuntu1.1) hardy-security; urgency=low

  * SECURITY UPDATE: ACK response spoofing
    - added debian/patches/CVE-2008-1897: Adjust chan_iax2.c to use a special
      id to prevent ACK response spoofing. Based on upstream patch.
    - CVE-2008-1897
    - AST-2008-006
  * SECURITY UPDATE: POKE request flooding
    - added debian/patches/CVE-2008-3263: Adjust chan_iax2.c to prevent
      'POKE' request flooding. Based on upstream patch.
    - CVE-2008-3263
    - AST-2008-010
  * SECURITY UPDATE: firmware packet flooding
    - added debian/patches/CVE-2008-3264: Adjust chan_iax2.c to prevent
      firmware packet flooding. Based on upstream patch.
    - CVE-2008-3264
    - AST-2008-011
  * SECURITY UPDATE: information leak in IAX2 authentication
    - added debian/patches/CVE-2009-0041: Adjust chan_iax2.c to fix
      information leak in IAX2 authentication. Based on upstream patch.
    - CVE-2009-0041
    - AST-2009-001
  * SECURITY UPDATE: SIP responses expose valid usernames
    - added debian/patches/CVE-2008-3903: Adjust chan_sip.c to make
      it more difficult to scan for available usernames.
    - CVE-2008-3903
    - AST-2009-003
  * SECURITY UPDATE: An attacker could hijack a manager session
    - added debian/patches/CVE-2008-1390: Adjust manager.c to
      never assign an invalid id of 0
    - CVE-2008-1390
    - AST-2008-005