[Pkg-voip-commits] [asterisk] 03/03: Update changelog and set CVE numbers

tzafrir at debian.org tzafrir at debian.org
Thu Aug 29 14:36:33 UTC 2013


This is an automated email from the git hooks/post-receive script.

tzafrir pushed a commit to branch squeeze
in repository asterisk.

commit 0fa44662f0ed91bf91242570f87065627356a469
Author: Tzafrir Cohen <tzafrir.cohen at xorcom.com>
Date:   Thu Aug 29 12:59:47 2013 +0300

    Update changelog and set CVE numbers
---
 debian/changelog            |    9 +++------
 debian/patches/AST-2013-004 |    1 +
 debian/patches/AST-2013-005 |    1 +
 3 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 32d5305..e27e581 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,13 +1,10 @@
-asterisk (1:1.6.2.9-2+squeeze12) UNRELEASED; urgency=low
-
-  * NOT RELEASED YET
-
- -- Tzafrir Cohen <tzafrir at debian.org>  Sat, 06 Apr 2013 23:57:36 +0300
-
 asterisk (1:1.6.2.9-2+squeeze11) stable-security; urgency=low
 
   * Patch AST-2013-003 (CVE-2013-2264): Prevent username disclosure in
     SIP channel driver (Closes: #704114).
+  * Patch AST-2013-004 (CVE-2013-5641): chan_sip: crash in ACK to SDP
+  * Patch AST-2013-005 (CVE-2013-5642): Fix crash caused by invalid SDP
+    (Closes: #721220).
 
  -- Tzafrir Cohen <tzafrir at debian.org>  Thu, 04 Apr 2013 00:55:43 +0300
 
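Review bot: The two new bullets are added to the existing 1:1.6.2.9-2+squeeze11 stanza while the UNRELEASED squeeze12 stanza is deleted, and the squeeze11 trailer still reads Thu, 04 Apr 2013, months before the patches being listed (their headers are dated 27 Aug 2013). If squeeze11 has already been uploaded to stable-security, these fixes need their own version: keep the squeeze12 stanza, set its distribution to stable-security and move the bullets there. If squeeze11 was never uploaded, refresh the trailer date instead. The AST-2013-004 bullet also reads "crash in ACK to SDP", which does not match the patch Subject ("Fix crash when handling ACK on dialog that has no channel"), and it is unclear whether "(Closes: #721220)" is meant to cover both bullets or only AST-2013-005.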
diff --git a/debian/patches/AST-2013-004 b/debian/patches/AST-2013-004
index eba90c3..48af7a4 100644
--- a/debian/patches/AST-2013-004
+++ b/debian/patches/AST-2013-004
@@ -2,6 +2,7 @@ From: Matthew Jordan <mjordan at digium.com>
 Date: Tue, 27 Aug 2013 15:49:14 +0000
 Subject: AST-2013-004: Fix crash when handling ACK on dialog that has no channel
 Bug: https://issues.asterisk.org/jira/browse/ASTERISK-21064
+CVE: CVE-2013-5641
 Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=397710
 
 A remote exploitable crash vulnerability exists in the SIP channel driver if an
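Review bot: The added "CVE:" line between "Bug:" and "Origin:" is not one of the DEP-3 header fields, so tooling that reads patch headers will skip it. Consider also naming CVE-2013-5641 in the Subject or the first line of the description, so the identifier survives wherever only the standard fields are shown. The same applies to the matching line in debian/patches/AST-2013-005.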
diff --git a/debian/patches/AST-2013-005 b/debian/patches/AST-2013-005
index 9536d90..dbd33ed 100644
--- a/debian/patches/AST-2013-005
+++ b/debian/patches/AST-2013-005
@@ -2,6 +2,7 @@ From: Matthew Jordan <mjordan at digium.com>
 Date: Tue, 27 Aug 2013 17:55:59 +0000
 Subject: AST-2013-005: Fix crash caused by invalid SDP
 Bug: https://issues.asterisk.org/jira/browse/ASTERISK-22007
+CVE: CVE-2013-5642
 Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=397756
 
 If the SIP channel driver processes an invalid SDP that defines media
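Review bot: The changelog closes #721220 with this patch, but the header here only carries the upstream "Bug:" link. Add a "Bug-Debian: https://bugs.debian.org/721220" line next to the new "CVE:" line so the patch file is traceable to the Debian report without consulting the changelog.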

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/asterisk.git


