[Pkg-voip-commits] r9603 - in /asterisk/branches/squeeze/debian: changelog patches/AST-2012-002

tzafrir at alioth.debian.org
Sun Mar 25 15:27:20 UTC 2012


Author: tzafrir
Date: Sun Mar 25 15:27:19 2012
New Revision: 9603

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=9603
Log:
Patch AST-2012-002 Stack overflow in Milliwatt
(CVE-2012-1183): Closes: #664411.

Modified:
    asterisk/branches/squeeze/debian/changelog
    asterisk/branches/squeeze/debian/patches/AST-2012-002

Modified: asterisk/branches/squeeze/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/squeeze/debian/changelog?rev=9603&op=diff
==============================================================================
--- asterisk/branches/squeeze/debian/changelog (original)
+++ asterisk/branches/squeeze/debian/changelog Sun Mar 25 15:27:19 2012
@@ -2,9 +2,10 @@
 
   * UNRELEASED.
   * Quote pathes in postinst script: Closes: #656208 (Pocos).
-  * Patch AST-2012-002 (CVE-2012-1183): Closes: #664411.
-
- -- Tzafrir Cohen <tzafrir at debian.org>  Wed, 21 Mar 2012 19:42:00 +0200
+  * Patch AST-2012-002 Stack overflow in Milliwatt
+    (CVE-2012-1183): Closes: #664411.
+
+ -- Tzafrir Cohen <tzafrir at debian.org>  Sun, 25 Mar 2012 17:26:59 +0200
 
 asterisk (1:1.6.2.9-2+squeeze4) stable-security; urgency=high
 
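Review bot: the reworded entry on the two `+` lines calls this a "Stack overflow in Milliwatt", while the patch header changed in the same commit describes "a buffer overflow in the Milliwatt dialplan application"; use one wording in both places so the changelog and the patch description can be matched by someone searching for either. Since this entry is still UNRELEASED and is being edited anyway, the unchanged line above it could also have "pathes" corrected to "paths".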

Modified: asterisk/branches/squeeze/debian/patches/AST-2012-002
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/squeeze/debian/patches/AST-2012-002?rev=9603&op=diff
==============================================================================
--- asterisk/branches/squeeze/debian/patches/AST-2012-002 (original)
+++ asterisk/branches/squeeze/debian/patches/AST-2012-002 Sun Mar 25 15:27:19 2012
@@ -1,4 +1,10 @@
 Origin: http://downloads.asterisk.org/pub/security/AST-2012-002-1.6.2.diff
+Author: Russell Bryant <russell at russellbryant.com>
+Bug: https://issues.asterisk.org/jira/browse/ASTERISK-19541
+
+Fixes a buffer overflow in the Milliwatt dialplan application. Note that
+exploiting it is probably tricky: requires, among others, that the
+Milliwatt application is used (e.g. in the dialplan) with the option 'o'.
 
 --- a/apps/app_milliwatt.c
 +++ b/apps/app_milliwatt.c
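Review bot: the description added after the `Bug:` line has no field name; DEP-3 expects a `Description:` or `Subject:` field, so the first sentence ("Fixes a buffer overflow in the Milliwatt dialplan application.") would be better carried as `Subject:` with the rest as its continuation. The wording "requires, among others" leaves the remaining preconditions unstated: either list them or refer the reader to the upstream advisory AST-2012-002, so an administrator can judge exposure from the header alone. The one condition that is given (Milliwatt used with the 'o' option) is the useful part and should stay.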