[Pkg-voip-commits] r5823 - in /asterisk/branches/etch/debian: changelog patches/00list patches/AST-2008-008.dpatch
paravoid at alioth.debian.org
Thu Jun 5 01:09:19 UTC 2008
Author: paravoid
Date: Thu Jun 5 01:09:19 2008
New Revision: 5823
URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=5823
Log:
* Fix a remote amplification attack in chan_iax2
(AST-2008-006/CVE-2008-1897) (Closes: #477472).
* Fix a remote crash vulnerability in chan_sip when running in pedantic
mode (AST-2008-008/CVE-2008-2119).
Added:
asterisk/branches/etch/debian/patches/AST-2008-008.dpatch
Modified:
asterisk/branches/etch/debian/changelog
asterisk/branches/etch/debian/patches/00list
Modified: asterisk/branches/etch/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/changelog?rev=5823&op=diff
==============================================================================
--- asterisk/branches/etch/debian/changelog (original)
+++ asterisk/branches/etch/debian/changelog Thu Jun 5 01:09:19 2008
@@ -1,9 +1,14 @@
asterisk (1:1.2.13~dfsg-2etch4) UNRELEASED; urgency=low
- * New upstream bugfix release: AST-2008-006 / CVE-2008-1897
- (Closes: #477472).
-
- -- Tzafrir Cohen <tzafrir.cohen at xorcom.com> Wed, 23 Apr 2008 10:42:58 +0300
+ [ Tzafrir Cohen ]
+ * Fix a remote amplification attack in chan_iax2
+ (AST-2008-006/CVE-2008-1897) (Closes: #477472).
+
+ [ Faidon Liambotis ]
+ * Fix a remote crash vulnerability in chan_sip when running in pedantic
+ mode (AST-2008-008/CVE-2008-2119).
+
+ -- Faidon Liambotis <paravoid at debian.org> Thu, 05 Jun 2008 04:06:09 +0300
asterisk (1:1.2.13~dfsg-2etch3) stable-security; urgency=high
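Review bot: The top entry still reads `UNRELEASED; urgency=low` even though it now carries two remotely triggerable fixes with CVE ids, and the previous entry (2etch3) was uploaded as `stable-security; urgency=high`. Set the distribution and urgency to match before upload. The AST-2008-008 item also has no `Closes:` reference, unlike the AST-2008-006 item above it; add one if a Debian bug exists for it.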
Modified: asterisk/branches/etch/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/patches/00list?rev=5823&op=diff
==============================================================================
--- asterisk/branches/etch/debian/patches/00list (original)
+++ asterisk/branches/etch/debian/patches/00list Thu Jun 5 01:09:19 2008
@@ -12,6 +12,7 @@
AST-2008-003.dpatch
AST-2008-004.dpatch
AST-2008-006.dpatch
+AST-2008-008.dpatch
# ukcid probably conflicts with bristuff
ukcid
option_detach
Added: asterisk/branches/etch/debian/patches/AST-2008-008.dpatch
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/patches/AST-2008-008.dpatch?rev=5823&op=file
==============================================================================
--- asterisk/branches/etch/debian/patches/AST-2008-008.dpatch (added)
+++ asterisk/branches/etch/debian/patches/AST-2008-008.dpatch Thu Jun 5 01:09:19 2008
@@ -1,0 +1,45 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## AST-2008-008.dpatch by Faidon Liambotis <paravoid at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix "Remote Crash Vulnerability in SIP channel driver when run in
+## DP: pedantic mode" vulnerability.
+## DP: AST-2008-008/CVE-2008-2119
+## DP: upstream r120109
+
+ at DPATCH@
+Index: channels/chan_sip.c
+===================================================================
+--- channels/chan_sip.c (revision 120108)
++++ channels/chan_sip.c (revision 120109)
+@@ -6831,12 +6831,14 @@
+ return -1;
+ }
+ from += 4;
++ if (pedanticsipchecking) {
++ ast_uri_decode(from);
++ }
+ } else
+ from = NULL;
+
+ if (pedanticsipchecking) {
+ ast_uri_decode(uri);
+- ast_uri_decode(from);
+ }
+
+ /* Get the target domain first and user */
+@@ -7261,11 +7263,10 @@
+ while(*t && (*t > 32) && (*t != ';'))
+ t++;
+ *t = '\0';
+- of = get_header(req, "From");
++
++ ast_copy_string(from, get_header(req, "From"), sizeof(from));
+ if (pedanticsipchecking)
+- ast_uri_decode(of);
+-
+- ast_copy_string(from, of, sizeof(from));
++ ast_uri_decode(from);
+
+ memset(calleridname,0,sizeof(calleridname));
+ get_calleridname(from, calleridname, sizeof(calleridname));
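Review bot: In the first chan_sip.c hunk (at -6831), `ast_uri_decode(uri)` stays unguarded under `pedanticsipchecking`, while the `from` decode was moved into the branch where `from` is non-NULL (the `else` sets `from = NULL`). Please confirm from the surrounding code that `uri` is always a valid, writable buffer at that point, or guard it the same way. In the second hunk (at -7261) the decode now runs on the local copy `from` instead of on the pointer returned by `get_header()`, which matches the intent of the first hunk. The `## DP:` lines only repeat the advisory title; one more line saying that the fix avoids decoding a NULL `from` and avoids decoding the `get_header()` result in place would document the root cause for later maintainers. The embedded diff is taken against upstream r120108 while the package is 1.2.13, so also check that it applies to the etch tree without fuzz.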