[Pkg-voip-commits] r8798 - in /asterisk/branches/lenny/debian: changelog patches/AST-2011-002 patches/series

tzafrir at alioth.debian.org tzafrir at alioth.debian.org
Tue Feb 22 11:31:07 UTC 2011


Author: tzafrir
Date: Tue Feb 22 11:31:06 2011
New Revision: 8798

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=8798
Log:
AST-2011-002: Multiple crash vulnerabilities in UDPTL code.

Modified:
    asterisk/branches/lenny/debian/changelog
    asterisk/branches/lenny/debian/patches/AST-2011-002
    asterisk/branches/lenny/debian/patches/series

Modified: asterisk/branches/lenny/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/lenny/debian/changelog?rev=8798&op=diff
==============================================================================
--- asterisk/branches/lenny/debian/changelog (original)
+++ asterisk/branches/lenny/debian/changelog Tue Feb 22 11:31:06 2011
@@ -1,3 +1,9 @@
+asterisk (1:1.4.21.2~dfsg-3+lenny4) oldstable-proposed-updates; urgency=low
+
+  * AST-2011-002: Multiple crash vulnerabilities in UDPTL code.
+
+ -- Tzafrir Cohen <tzafrir at debian.org>  Tue, 22 Feb 2011 13:30:27 +0200
+
 asterisk (1:1.4.21.2~dfsg-3+lenny3) oldstable-proposed-updates; urgency=low
 
   [ Faidon Liambotis ]
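
Review bot: the new entry's header line sets urgency=low and its only bullet describes the issue as "crash vulnerabilities", while the patch description updated in this same revision says stack and heap based arrays can be made to overflow by specially crafted packets. Consider raising the urgency and wording the bullet to match the patch header (array overflows when decoding UDPTL, affecting T.38 pass through or termination), so that someone reading only the changelog sees the same severity the patch header states.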

Modified: asterisk/branches/lenny/debian/patches/AST-2011-002
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/lenny/debian/patches/AST-2011-002?rev=8798&op=diff
==============================================================================
--- asterisk/branches/lenny/debian/patches/AST-2011-002 (original)
+++ asterisk/branches/lenny/debian/patches/AST-2011-002 Tue Feb 22 11:31:06 2011
@@ -1,9 +1,11 @@
-From 5a77208dfcc3ebdd436b0442ffae5a1e253cb35e Mon Sep 17 00:00:00 2001
-From: Leif Madsen <lmadsen at digium.com>
-Date: Mon, 21 Feb 2011 18:33:41 +0000
-Subject: [PATCH] Merge changes related to AST-2011-002 and FAX-281.
+Subject: Multiple array overflow and crash vulnerabilities in UDPTL code
+Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=308506
 
-Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=308506
+When decoding UDPTL packets, multiple stack and heap based arrays can be
+made to overflow by specially crafted packets. Systems doing T.38 pass
+through or termination are vulnerable.
+
+See also: http://downloads.asterisk.org/pub/security/AST-2011-002.html
 ---
  main/udptl.c |   49 +++++++++++++++++++++++--------------------------
  1 files changed, 23 insertions(+), 26 deletions(-)
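
Review bot: the rewritten header drops the From: and Date: lines, so the patch no longer records who wrote the upstream change or when it was made; only the Origin URL remains. Consider keeping that attribution as an Author field next to Origin, and mentioning FAX-281 somewhere in the description, since the removed Subject line was the only place in the header that tied this change to that issue.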

Modified: asterisk/branches/lenny/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/lenny/debian/patches/series?rev=8798&op=diff
==============================================================================
--- asterisk/branches/lenny/debian/patches/series (original)
+++ asterisk/branches/lenny/debian/patches/series Tue Feb 22 11:31:06 2011
@@ -108,3 +108,4 @@
 AST-2009-010
 ast_uri_validhex
 AST-2011-001
+AST-2011-002



