[Pkg-voip-commits] [asterisk] 03/03: Update changelog and set CVE numbers
tzafrir at debian.org
tzafrir at debian.org
Thu Aug 29 14:36:33 UTC 2013
This is an automated email from the git hooks/post-receive script.
tzafrir pushed a commit to branch squeeze
in repository asterisk.
commit 0fa44662f0ed91bf91242570f87065627356a469
Author: Tzafrir Cohen <tzafrir.cohen at xorcom.com>
Date: Thu Aug 29 12:59:47 2013 +0300
Update changelog and set CVE numbers
---
debian/changelog | 9 +++------
debian/patches/AST-2013-004 | 1 +
debian/patches/AST-2013-005 | 1 +
3 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 32d5305..e27e581 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,13 +1,10 @@
-asterisk (1:1.6.2.9-2+squeeze12) UNRELEASED; urgency=low
-
- * NOT RELEASED YET
-
- -- Tzafrir Cohen <tzafrir at debian.org> Sat, 06 Apr 2013 23:57:36 +0300
-
asterisk (1:1.6.2.9-2+squeeze11) stable-security; urgency=low
* Patch AST-2013-003 (CVE-2013-2264): Prevent username disclosure in
SIP channel driver (Closes: #704114).
+ * Patch AST-2013-004 (CVE-2013-5641): chan_sip: crash in ACK to SDP
+ * Patch AST-2013-005 (CVE-2013-5642): Fix crash caused by invalid SDP
+ (Closes: #721220).
-- Tzafrir Cohen <tzafrir at debian.org> Thu, 04 Apr 2013 00:55:43 +0300
diff --git a/debian/patches/AST-2013-004 b/debian/patches/AST-2013-004
index eba90c3..48af7a4 100644
--- a/debian/patches/AST-2013-004
+++ b/debian/patches/AST-2013-004
@@ -2,6 +2,7 @@ From: Matthew Jordan <mjordan at digium.com>
Date: Tue, 27 Aug 2013 15:49:14 +0000
Subject: AST-2013-004: Fix crash when handling ACK on dialog that has no channel
Bug: https://issues.asterisk.org/jira/browse/ASTERISK-21064
+CVE: CVE-2013-5641
Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=397710
A remote exploitable crash vulnerability exists in the SIP channel driver if an
diff --git a/debian/patches/AST-2013-005 b/debian/patches/AST-2013-005
index 9536d90..dbd33ed 100644
--- a/debian/patches/AST-2013-005
+++ b/debian/patches/AST-2013-005
@@ -2,6 +2,7 @@ From: Matthew Jordan <mjordan at digium.com>
Date: Tue, 27 Aug 2013 17:55:59 +0000
Subject: AST-2013-005: Fix crash caused by invalid SDP
Bug: https://issues.asterisk.org/jira/browse/ASTERISK-22007
+CVE: CVE-2013-5642
Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=397756
If the SIP channel driver processes an invalid SDP that defines media
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/asterisk.git
More information about the Pkg-voip-commits
mailing list