[Pkg-voip-commits] r7847 - in /asterisk/branches/etch/debian: changelog patches/00list patches/AST-2009-010.dpatch
tzafrir-guest at alioth.debian.org
Wed Dec 2 09:41:20 UTC 2009
Author: tzafrir-guest
Date: Wed Dec 2 09:41:18 2009
New Revision: 7847
URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=7847
Log:
Fix for AST-2009-010 (CVE-2009-4055) - Long RTP comfort noise bug
(Closes: #559103).
Patch applies. Should build. Not tested further.
Added:
asterisk/branches/etch/debian/patches/AST-2009-010.dpatch (with props)
Modified:
asterisk/branches/etch/debian/changelog
asterisk/branches/etch/debian/patches/00list
Modified: asterisk/branches/etch/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/changelog?rev=7847&op=diff
==============================================================================
--- asterisk/branches/etch/debian/changelog (original)
+++ asterisk/branches/etch/debian/changelog Wed Dec 2 09:41:18 2009
@@ -11,8 +11,10 @@
authentication (Closes: #513413).
* Fix for AST-2009-003 (CVE-2008-3903) - SIP responses expose valid
usernames (Closes: #522528).
-
- -- Tzafrir Cohen <tzafrir.cohen at xorcom.com> Sat, 04 Apr 2009 18:35:37 +0300
+ * Fix for AST-2009-010 (CVE-2009-4055) - Long RTP comfort noise bug
+ (Closes: #559103).
+
+ -- Tzafrir Cohen <tzafrir.cohen at xorcom.com> Wed, 02 Dec 2009 11:37:54 +0200
asterisk (1:1.2.13~dfsg-2etch5) stable-security; urgency=high
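Review bot: The new bullet is appended to the existing stanza above 1:1.2.13~dfsg-2etch5, and that stanza's trailer line is rewritten (the Sat, 04 Apr 2009 timestamp becomes Wed, 02 Dec 2009) instead of a new version stanza being opened. That is fine only if that version has not been uploaded yet; if it has, this fix needs its own version entry so the security update can be told apart from the previous upload. The stanza header is outside the hunk, so please confirm which case applies.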
Modified: asterisk/branches/etch/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/patches/00list?rev=7847&op=diff
==============================================================================
--- asterisk/branches/etch/debian/patches/00list (original)
+++ asterisk/branches/etch/debian/patches/00list Wed Dec 2 09:41:18 2009
@@ -19,6 +19,7 @@
AST-2008-012.dpatch
AST-2009-001.dpatch
AST-2009-003.dpatch
+AST-2009-010.dpatch
# ukcid probably conflicts with bristuff
ukcid
option_detach
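Review bot: The new entry is inserted ahead of ukcid and option_detach, so every patch listed after it is now applied on top of the rtp.c change. The log only says "Patch applies", so please confirm that the whole series in 00list still applies cleanly after this insertion, not just AST-2009-010.dpatch on its own.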
Added: asterisk/branches/etch/debian/patches/AST-2009-010.dpatch
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/patches/AST-2009-010.dpatch?rev=7847&op=file
==============================================================================
--- asterisk/branches/etch/debian/patches/AST-2009-010.dpatch (added)
+++ asterisk/branches/etch/debian/patches/AST-2009-010.dpatch Wed Dec 2 09:41:18 2009
@@ -1,0 +1,32 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## AST-2009-010.dpatch by Tzafrir Cohen <tzafrir.cohen at xorcom.com>
+##
+## DP: fixes crash caused by RTP comfort noise payload greater than 24 bytes
+## DP:
+## DP: AST-2009-010
+## DP:
+## DP: (closes issue https://issues.asterisk.org/view.php?id=16242)
+## DP: Reported by: amorsen
+## DP: Patches:
+## DP: issue16242.diff uploaded by oej (license 306)
+## DP: Tested by: amorsen, oej, dvossel
+## DP:
+## DP: git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@231518
+## DP: Author: dvossel
+## DP: Date: Mon Nov 30 17:35:48 2009 +0000
+## DP:
+## DP: Debian Issue: #559103
+## DP: CVE: CVE-2009-4055
+
+diff --git a/rtp.c b/rtp.c
+index f0430b5..45c4464 100644
+--- a/rtp.c
++++ b/rtp.c
+@@ -348,7 +348,6 @@ static struct ast_frame *process_rfc3389(struct ast_rtp *rtp, unsigned char *dat
+ }
+ rtp->f.frametype = AST_FRAME_CNG;
+ rtp->f.subclass = data[0] & 0x7f;
+- rtp->f.datalen = len - 1;
+ rtp->f.samples = 0;
+ rtp->f.delivery.tv_usec = rtp->f.delivery.tv_sec = 0;
+ f = &rtp->f;
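Review bot: In the rtp.c hunk the only change is dropping "rtp->f.datalen = len - 1;" from process_rfc3389(), and nothing in the visible context assigns datalen afterwards, so the frame returned through "f = &rtp->f;" carries whatever value rtp->f.datalen held before the call. Please confirm that the lines above this context zero or set datalen (and the frame's data pointer) for the CNG frame, otherwise a stale length from an earlier frame could be passed on to consumers. The DP header says the crash is caused by a comfort noise payload greater than 24 bytes but not why removing this assignment fixes it; one sentence on the mechanism would help later audits, and since the log says "Not tested further", a regression check with a comfort noise payload over 24 bytes should be run before upload.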
Propchange: asterisk/branches/etch/debian/patches/AST-2009-010.dpatch
------------------------------------------------------------------------------
svn:executable = *