[Pkg-voip-commits] r10306 - in /asterisk/branches/experimental/debian: changelog patches/bzero patches/pjproject
msp at alioth.debian.org
msp at alioth.debian.org
Sun Sep 29 04:05:53 UTC 2013
Author: msp
Date: Sun Sep 29 04:05:47 2013
New Revision: 10306
URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=10306
Log:
* Rewrtote sip.conf parts of AST-2012-014: dropped patches
fix-sip-tcp-no-FILE and fix-sip-tls-leak.
* Reverting other changes rejected by the release team: README.Debian,
powerpcspe and fix_xmpp_19532 dropped (#545272 and #701505 reopened).
* Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
- Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack
allocations when using TCP.
The following two fixes were also pulled in order to easily apply it:
- Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop
- Patch fix-sip-tls-leak - Memory leak in the SIP TLS code
- Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through
Exploitation of Device State Caching
* Patch powerpcspe: Fix OSARCH for powerpcspe (Closes: #701505).
* README.Debian: document running the testsuite.
* Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272).
* Patches backported from Asterisk 1.8.20.2 (Closes: #704114):
- Patch AST-2013-002 (CVE-2013-2686): Prevent DoS in HTTP server with
a large POST.
- Patch AST-2013-003 (CVE-2013-2264): Prevent username disclosure in
SIP channel driver.
* Patch bluetooth_bind - fix breakage of chan_mobile (Closes: #614786).
* New upstream release (Closes: #680470):
- Fixes AST-2012-010 (CVE-2012-3863).
- Fixes AST-2012-011 (CVE-2012-38612).
* Patch AST-2012-012 (CVE-2012-2186): AMI User Shell Access with ExternalIVR
* Patch AST-2012-012 (CVE-2012-4737): ACL rules ignored during calls
by some IAX2 peers.
(Closes: #675210).
Removed:
asterisk/branches/experimental/debian/patches/bzero
asterisk/branches/experimental/debian/patches/pjproject
Modified:
asterisk/branches/experimental/debian/changelog
Modified: asterisk/branches/experimental/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/experimental/debian/changelog?rev=10306&op=diff
==============================================================================
--- asterisk/branches/experimental/debian/changelog (original)
+++ asterisk/branches/experimental/debian/changelog Sun Sep 29 04:05:47 2013
@@ -54,13 +54,55 @@
-- Mark Purcell <msp at debian.org> Sat, 28 Sep 2013 13:40:36 +1000
+asterisk (1:1.8.13.1~dfsg-3) unstable; urgency=high
+
+ * Rewrtote sip.conf parts of AST-2012-014: dropped patches
+ fix-sip-tcp-no-FILE and fix-sip-tls-leak.
+ * Reverting other changes rejected by the release team: README.Debian,
+ powerpcspe and fix_xmpp_19532 dropped (#545272 and #701505 reopened).
+
+ -- Tzafrir Cohen <tzafrir at debian.org> Tue, 09 Apr 2013 13:23:07 +0300
+
+asterisk (1:1.8.13.1~dfsg-2) unstable; urgency=high
+
+ * Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
+ - Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack
+ allocations when using TCP.
+ The following two fixes were also pulled in order to easily apply it:
+ - Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop
+ - Patch fix-sip-tls-leak - Memory leak in the SIP TLS code
+ - Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through
+ Exploitation of Device State Caching
+ * Patch powerpcspe: Fix OSARCH for powerpcspe (Closes: #701505).
+ * README.Debian: document running the testsuite.
+ * Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272).
+ * Patches backported from Asterisk 1.8.20.2 (Closes: #704114):
+ - Patch AST-2013-002 (CVE-2013-2686): Prevent DoS in HTTP server with
+ a large POST.
+ - Patch AST-2013-003 (CVE-2013-2264): Prevent username disclosure in
+ SIP channel driver.
+ * Patch bluetooth_bind - fix breakage of chan_mobile (Closes: #614786).
+
+ -- Tzafrir Cohen <tzafrir at debian.org> Sat, 06 Apr 2013 14:15:41 +0300
+
+asterisk (1:1.8.13.1~dfsg-1) unstable; urgency=low
+
+ * New upstream release (Closes: #680470):
+ - Fixes AST-2012-010 (CVE-2012-3863).
+ - Fixes AST-2012-011 (CVE-2012-38612).
+ * Patch AST-2012-012 (CVE-2012-2186): AMI User Shell Access with ExternalIVR
+ * Patch AST-2012-012 (CVE-2012-4737): ACL rules ignored during calls
+ by some IAX2 peers.
+
+ -- Tzafrir Cohen <tzafrir at debian.org> Sat, 01 Sep 2012 04:44:12 +0300
+
asterisk (1:1.8.13.0~dfsg-1) unstable; urgency=high
* New upstream release.
- AST-2012-007 (CVE-2012-2947): Fix IAX receiving HOLD without
suggested MOH class crash (Closes: #675204).
- AST-2012-008 (CVE-2012-2948): remote crash issue in chan_skinny
- (Closes: #67521).
+ (Closes: #675210).
- Patch gmime2.6 removed: merged upstream.
- Patch sparc32_disable removed: hacks removed from Upstream Makefile.
* Also pass LDFLAGS to menuselect (Closes: #664086 for real).
More information about the Pkg-voip-commits
mailing list