[Pkg-voip-commits] [asterisk] 05/05: Update CVE and bug numbers.

tzafrir at debian.org tzafrir at debian.org
Thu Aug 29 14:36:35 UTC 2013 

This is an automated email from the git hooks/post-receive script.

tzafrir pushed a commit to branch wheezy
in repository asterisk.

commit f24ab9409a2c39f64d7e599605ab19fdc59150e6
Author: Tzafrir Cohen <tzafrir.cohen at xorcom.com>
Date:   Thu Aug 29 13:07:36 2013 +0300

    Update CVE and bug numbers.
---
 debian/changelog            |    5 +++--
 debian/patches/AST-2013-004 |    1 +
 debian/patches/AST-2013-005 |    1 +
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index b1365fc..899c70c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,8 @@
 asterisk (1:1.8.13.1~dfsg-4) UNRELEASED; urgency=high
 
-  * Patch AST-2013-004: chan_sip: crash in ACK to SDP
-  * Patch AST-2013-005: Fix crash caused by invalid SDP
+  * Patch AST-2013-004 (CVE-2013-5641): chan_sip: crash in ACK to SDP
+  * Patch AST-2013-005 (CVE-2013-5642): Fix crash caused by invalid SDP
+    (Closes: #721220).
   * Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272).
 
  -- Tzafrir Cohen <tzafrir at debian.org>  Wed, 28 Aug 2013 23:40:03 +0300
diff --git a/debian/patches/AST-2013-004 b/debian/patches/AST-2013-004
index eba90c3..48af7a4 100644
--- a/debian/patches/AST-2013-004
+++ b/debian/patches/AST-2013-004
@@ -2,6 +2,7 @@ From: Matthew Jordan <mjordan at digium.com>
 Date: Tue, 27 Aug 2013 15:49:14 +0000
 Subject: AST-2013-004: Fix crash when handling ACK on dialog that has no channel
 Bug: https://issues.asterisk.org/jira/browse/ASTERISK-21064
+CVE: CVE-2013-5641
 Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=397710
 
 A remote exploitable crash vulnerability exists in the SIP channel driver if an
diff --git a/debian/patches/AST-2013-005 b/debian/patches/AST-2013-005
index ed6cd35..49f6377 100644
--- a/debian/patches/AST-2013-005
+++ b/debian/patches/AST-2013-005
@@ -2,6 +2,7 @@ From: Matthew Jordan <mjordan at digium.com>
 Date: Tue, 27 Aug 2013 17:55:59 +0000
 Subject: AST-2013-005: Fix crash caused by invalid SDP
 Bug: https://issues.asterisk.org/jira/browse/ASTERISK-22007
+CVE: CVE-2013-5642
 Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=397756
 
 If the SIP channel driver processes an invalid SDP that defines media

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/asterisk.git

More information about the Pkg-voip-commits mailing list