[Pkg-voip-commits] r4238 - in asterisk/branches/sarge/debian: . patches
paravoid at alioth.debian.org
Thu Aug 23 00:49:10 UTC 2007
Author: paravoid
Date: 2007-08-23 00:49:10 +0000 (Thu, 23 Aug 2007)
New Revision: 4238
Added:
asterisk/branches/sarge/debian/patches/99_ASA-2007-015.dpatch
Modified:
asterisk/branches/sarge/debian/changelog
Log:
- channels/chan_iax2.c: After parsing information elements in IAX frames,
set the data length to zero, so that code later on does not think it has
data to copy. (ASA-2007-015, CVE-2007-3763)
Modified: asterisk/branches/sarge/debian/changelog
===================================================================
--- asterisk/branches/sarge/debian/changelog 2007-08-23 00:48:42 UTC (rev 4237)
+++ asterisk/branches/sarge/debian/changelog 2007-08-23 00:49:10 UTC (rev 4238)
@@ -15,8 +15,11 @@
- channels/chan_iax2.c: if a text frame is sent with no terminating NULL
through a bridged IAX connection, the remote end will receive garbage
characters tacked onto the end. (CVE-2007-2488)
+ - channels/chan_iax2.c: After parsing information elements in IAX frames,
+ set the data length to zero, so that code later on does not think it has
+ data to copy. (ASA-2007-015, CVE-2007-3763)
- -- Faidon Liambotis <paravoid at debian.org> Thu, 23 Aug 2007 03:48:25 +0300
+ -- Faidon Liambotis <paravoid at debian.org> Thu, 23 Aug 2007 03:48:56 +0300
asterisk (1:1.0.7.dfsg.1-2sarge4) stable-security; urgency=high
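Review bot: The new changelog entry does not say which patch file carries the fix or that it is a backport, although the dpatch header records both (99_ASA-2007-015.dpatch, upstream r75440). Adding those two references to the entry would let someone auditing the sarge package trace CVE-2007-3763 from the changelog to the exact change without opening debian/patches.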
Added: asterisk/branches/sarge/debian/patches/99_ASA-2007-015.dpatch
===================================================================
--- asterisk/branches/sarge/debian/patches/99_ASA-2007-015.dpatch (rev 0)
+++ asterisk/branches/sarge/debian/patches/99_ASA-2007-015.dpatch 2007-08-23 00:49:10 UTC (rev 4238)
@@ -0,0 +1,21 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 99_ASA-2007-015.dpatch by Faidon Liambotis <paravoid at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: After parsing information elements in IAX frames, set the data length
+## DP: to zero, so that code later on does not think it has data to copy.
+## DP: Backported to v1.0, original is r75440 in upstream's SVN
+## DP: Security fix, ASA-2007-015, CVE-2007-3763
+
+ at DPATCH@
+diff -urNad asterisk-1.0.7.dfsg.1~/channels/chan_iax2.c asterisk-1.0.7.dfsg.1/channels/chan_iax2.c
+--- asterisk-1.0.7.dfsg.1~/channels/chan_iax2.c 2007-08-23 03:17:25.000000000 +0300
++++ asterisk-1.0.7.dfsg.1/channels/chan_iax2.c 2007-08-23 03:17:26.000000000 +0300
+@@ -5338,6 +5338,7 @@
+ return 1;
+ }
+ f.data = NULL;
++ f.datalen = 0;
+ } else
+ f.data = buf + sizeof(struct ast_iax2_full_hdr);
+ } else {
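Review bot: In the embedded chan_iax2.c hunk, `f.datalen = 0;` is added beside `f.data = NULL;` with no comment, so the invariant it restores (a NULL data pointer must never be paired with a non-zero length) is only documented in the dpatch header. A one-line comment at that spot would keep a later backport or merge from dropping the assignment. The hunk shows a single site, so it is also worth checking that no other path in this function clears f.data while leaving f.datalen set. Separately, the revision's file list shows only the changelog and the new .dpatch; if this branch selects patches through debian/patches/00list, that file needs an entry for 99_ASA-2007-015 or the fix will not be applied at build time.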
Property changes on: asterisk/branches/sarge/debian/patches/99_ASA-2007-015.dpatch
___________________________________________________________________
Name: svn:executable
+ *