[Pkg-voip-commits] r8892 - in /asterisk/branches/lenny-security/debian: changelog patches/AST-2011-005-p2 patches/AST-2011-006 patches/series

tzafrir at alioth.debian.org tzafrir at alioth.debian.org
Fri Apr 22 23:21:45 UTC 2011


Author: tzafrir
Date: Fri Apr 22 23:21:45 2011
New Revision: 8892

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=8892
Log:
* CVE for AST-2011-005
* Drop Patch AST-2011-006: not needed in this branch

Modified:
    asterisk/branches/lenny-security/debian/changelog
    asterisk/branches/lenny-security/debian/patches/AST-2011-005-p2
    asterisk/branches/lenny-security/debian/patches/AST-2011-006
    asterisk/branches/lenny-security/debian/patches/series

Modified: asterisk/branches/lenny-security/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/lenny-security/debian/changelog?rev=8892&op=diff
==============================================================================
--- asterisk/branches/lenny-security/debian/changelog (original)
+++ asterisk/branches/lenny-security/debian/changelog Fri Apr 22 23:21:45 2011
@@ -5,7 +5,6 @@
   * Patch AST-2011-005: Resource exhaustion in Asterisk Manager Interface
   * Patch AST-2011-005-p2: Resource exhaustion in chan_skinny and AJAM
     (Closes: #618790).
-  * Patch AST-2011-006: Check for "system" privilege in the manager interface
   * Patches AST-2011-003, manager_manager_bugfix_reload - its pre-requirements.
   * My new @debian.org address
 
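Review bot: with the AST-2011-006 line deleted, the changelog no longer says anything about that patch, although the patch file itself stays in debian/patches and is only dropped from the series. Replacing the entry instead of deleting it, with a line saying the patch is shipped but not applied in this branch, would stop a changelog reader from assuming the "system" privilege check was never considered. The AST-2011-005-p2 entry kept as context above could also carry CVE-2011-1507, which this commit records only in the patch header.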

Modified: asterisk/branches/lenny-security/debian/patches/AST-2011-005-p2
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/lenny-security/debian/patches/AST-2011-005-p2?rev=8892&op=diff
==============================================================================
--- asterisk/branches/lenny-security/debian/patches/AST-2011-005-p2 (original)
+++ asterisk/branches/lenny-security/debian/patches/AST-2011-005-p2 Fri Apr 22 23:21:45 2011
@@ -15,6 +15,8 @@
 To disable: 'noload => chan_skinny.so' in /etc/asterisk/modules.conf .
 
 Manager over HTTP is not enabled by default on Debian.
+
+CVE: CVE-2011-1507
 
 See also:
   https://issues.asterisk.org/view.php?id=18996
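Review bot: the new "CVE: CVE-2011-1507" line sits in the middle of the free-text description, between the Debian note and "See also:", where a reader scanning patch headers can miss it. Moving it next to the other header fields (the AST-2011-006 patch in this same commit keeps "Bug:", "Origin:" and "Subject:" together at the top) would be more consistent. The log message says "CVE for AST-2011-005" while the id is added to AST-2011-005-p2 only; if the AST-2011-005 patch is covered by a CVE id as well, it should get the same field.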

Modified: asterisk/branches/lenny-security/debian/patches/AST-2011-006
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/lenny-security/debian/patches/AST-2011-006?rev=8892&op=diff
==============================================================================
--- asterisk/branches/lenny-security/debian/patches/AST-2011-006 (original)
+++ asterisk/branches/lenny-security/debian/patches/AST-2011-006 Fri Apr 22 23:21:45 2011
@@ -3,6 +3,9 @@
 Bug: https://issues.asterisk.org/view.php?id=18787
 Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=314607
 Subject: Check for "system" privilege in the manager interface
+
+This patch is left in the tree bug not applied by default: in 1.4 it
+changes the behaviour (this change was only introduced in 1.6.0).
 
 This fix adds the missing test (added in later version, though apparently
 in a slightly wrong location) for the "system" write permissions in case
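Review bot: the added header text has a typo, "bug not applied" should read "but not applied", and its rationale differs from the commit log: the log says the patch is "not needed in this branch", whereas this note says it is withheld because it changes behaviour in 1.4. Please settle on one reason and name the behaviour that changes. Since the description below says the fix adds a missing test for the "system" write permission, the note should also state plainly that this branch ships without that test, so administrators reading the header know the check is absent.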

Modified: asterisk/branches/lenny-security/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/lenny-security/debian/patches/series?rev=8892&op=diff
==============================================================================
--- asterisk/branches/lenny-security/debian/patches/series (original)
+++ asterisk/branches/lenny-security/debian/patches/series Fri Apr 22 23:21:45 2011
@@ -107,4 +107,3 @@
 manager_bugfix_reload
 AST-2011-005
 AST-2011-005-p2
-AST-2011-006
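Review bot: deleting the AST-2011-006 line outright leaves an orphaned file in debian/patches with nothing in the series pointing at it. quilt series files accept "#" comment lines, so keeping the entry commented out with a short reason, for example "# AST-2011-006 (not applied: changes 1.4 behaviour)", would keep the unapplied security patch discoverable and make it trivial to re-enable.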
