[Pkg-voip-commits] r10306 - in /asterisk/branches/experimental/debian: changelog patches/bzero patches/pjproject

msp at alioth.debian.org msp at alioth.debian.org
Sun Sep 29 04:05:53 UTC 2013


Author: msp
Date: Sun Sep 29 04:05:47 2013
New Revision: 10306

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=10306
Log:
* Rewrote sip.conf parts of AST-2012-014: dropped patches
  fix-sip-tcp-no-FILE and fix-sip-tls-leak.
* Reverting other changes rejected by the release team: README.Debian,
  powerpcspe and fix_xmpp_19532 dropped (#545272 and #701505 reopened).
* Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
  - Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack
    allocations when using TCP.
    The following two fixes were also pulled in order to easily apply it:
    - Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop
    - Patch fix-sip-tls-leak - Memory leak in the SIP TLS code
  - Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through
    Exploitation of Device State Caching
* Patch powerpcspe: Fix OSARCH for powerpcspe (Closes: #701505).
* README.Debian: document running the testsuite.
* Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272).
* Patches backported from Asterisk 1.8.20.2 (Closes: #704114):
  - Patch AST-2013-002 (CVE-2013-2686): Prevent DoS in HTTP server with
    a large POST.
  - Patch AST-2013-003 (CVE-2013-2264): Prevent username disclosure in
    SIP channel driver.
* Patch bluetooth_bind - fix breakage of chan_mobile (Closes: #614786).
* New upstream release (Closes: #680470):
  - Fixes AST-2012-010 (CVE-2012-3863).
  - Fixes AST-2012-011 (CVE-2012-38612).
* Patch AST-2012-012 (CVE-2012-2186): AMI User Shell Access with ExternalIVR
* Patch AST-2012-012 (CVE-2012-4737): ACL rules ignored during calls
  by some IAX2 peers.
    (Closes: #675210).

Removed:
    asterisk/branches/experimental/debian/patches/bzero
    asterisk/branches/experimental/debian/patches/pjproject
Modified:
    asterisk/branches/experimental/debian/changelog

Modified: asterisk/branches/experimental/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/experimental/debian/changelog?rev=10306&op=diff
==============================================================================
--- asterisk/branches/experimental/debian/changelog	(original)
+++ asterisk/branches/experimental/debian/changelog	Sun Sep 29 04:05:47 2013
@@ -54,13 +54,55 @@
 
  -- Mark Purcell <msp at debian.org>  Sat, 28 Sep 2013 13:40:36 +1000
 
+asterisk (1:1.8.13.1~dfsg-3) unstable; urgency=high
+
+  * Rewrtote sip.conf parts of AST-2012-014: dropped patches
+    fix-sip-tcp-no-FILE and fix-sip-tls-leak.
+  * Reverting other changes rejected by the release team: README.Debian,
+    powerpcspe and fix_xmpp_19532 dropped (#545272 and #701505 reopened).
+
+ -- Tzafrir Cohen <tzafrir at debian.org>  Tue, 09 Apr 2013 13:23:07 +0300
+
+asterisk (1:1.8.13.1~dfsg-2) unstable; urgency=high
+
+  * Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
+    - Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack
+      allocations when using TCP.
+      The following two fixes were also pulled in order to easily apply it:
+      - Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop
+      - Patch fix-sip-tls-leak - Memory leak in the SIP TLS code
+    - Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through
+      Exploitation of Device State Caching
+  * Patch powerpcspe: Fix OSARCH for powerpcspe (Closes: #701505).
+  * README.Debian: document running the testsuite.
+  * Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272).
+  * Patches backported from Asterisk 1.8.20.2 (Closes: #704114):
+    - Patch AST-2013-002 (CVE-2013-2686): Prevent DoS in HTTP server with
+      a large POST.
+    - Patch AST-2013-003 (CVE-2013-2264): Prevent username disclosure in
+      SIP channel driver.
+  * Patch bluetooth_bind - fix breakage of chan_mobile (Closes: #614786).
+
+ -- Tzafrir Cohen <tzafrir at debian.org>  Sat, 06 Apr 2013 14:15:41 +0300
+
+asterisk (1:1.8.13.1~dfsg-1) unstable; urgency=low
+
+  * New upstream release (Closes: #680470):
+    - Fixes AST-2012-010 (CVE-2012-3863).
+    - Fixes AST-2012-011 (CVE-2012-38612).
+  * Patch AST-2012-012 (CVE-2012-2186): AMI User Shell Access with ExternalIVR
+  * Patch AST-2012-012 (CVE-2012-4737): ACL rules ignored during calls
+    by some IAX2 peers.
+
+ -- Tzafrir Cohen <tzafrir at debian.org>  Sat, 01 Sep 2012 04:44:12 +0300
+
 asterisk (1:1.8.13.0~dfsg-1) unstable; urgency=high
 
   * New upstream release.
     - AST-2012-007 (CVE-2012-2947): Fix IAX receiving HOLD without
       suggested MOH class crash (Closes: #675204).
     - AST-2012-008 (CVE-2012-2948): remote crash issue in chan_skinny
-      (Closes: #67521).
+      (Closes: #675210).
     - Patch gmime2.6 removed: merged upstream.
     - Patch sparc32_disable removed: hacks removed from Upstream Makefile.
   * Also pass LDFLAGS to menuselect (Closes: #664086 for real).
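
Review bot: In the added 1:1.8.13.1~dfsg-1 entry, two security identifiers look wrong and should be checked against the upstream advisories before upload. `- Fixes AST-2012-011 (CVE-2012-38612).` has a five-digit sequence number where every other CVE id in this hunk has four, and AST-2012-012 appears on two consecutive entries with different CVEs and different descriptions (CVE-2012-2186, "AMI User Shell Access with ExternalIVR", and CVE-2012-4737, "ACL rules ignored during calls by some IAX2 peers"), so one of those two lines probably carries the wrong advisory number. Anyone working out which CVEs this package version fixes will read them from these lines, so a mistyped id hides a fix that is actually present. Two smaller points in the 1:1.8.13.1~dfsg-3 entry: `Rewrtote` should read `Rewrote`, and the entry says fix-sip-tcp-no-FILE and fix-sip-tls-leak were dropped without stating whether the rewritten AST-2012-014 patch still covers CVE-2012-5976 on its own; one line confirming that would make the revert easier to audit.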



