-
asterisk (1:1.8.13.1~dfsg1-3+deb7u3) stable-security; urgency=high
* Bumped repackages tarball number: security and main had different copies
of the original.
* Fix patch AST-2013-007: avoid warning on rasterisk.
-- Tzafrir Cohen <email address hidden> Sat, 04 Jan 2014 02:26:42 +0200
-
asterisk (1:1.8.13.1~dfsg-3) unstable; urgency=high
* Rewrtote sip.conf parts of AST-2012-014: dropped patches
fix-sip-tcp-no-FILE and fix-sip-tls-leak.
* Reverting other changes rejected by the release team: README.Debian,
powerpcspe and fix_xmpp_19532 dropped (#545272 and #701505 reopened).
-- Tzafrir Cohen <email address hidden> Tue, 09 Apr 2013 13:23:07 +0300
-
asterisk (1:1.8.13.1~dfsg-1) unstable; urgency=low
* New upstream release (Closes: #680470):
- Fixes AST-2012-010 (CVE-2012-3863).
- Fixes AST-2012-011 (CVE-2012-38612).
* Patch AST-2012-012 (CVE-2012-2186): AMI User Shell Access with ExternalIVR
* Patch AST-2012-012 (CVE-2012-4737): ACL rules ignored during calls
by some IAX2 peers.
-- Tzafrir Cohen <email address hidden> Sat, 01 Sep 2012 04:44:12 +0300
-
asterisk (1:1.8.13.0~dfsg-1) unstable; urgency=high
* New upstream release.
- AST-2012-007 (CVE-2012-2947): Fix IAX receiving HOLD without
suggested MOH class crash (Closes: #675204).
- AST-2012-008 (CVE-2012-2948): remote crash issue in chan_skinny
(Closes: #67521).
- Patch gmime2.6 removed: merged upstream.
- Patch sparc32_disable removed: hacks removed from Upstream Makefile.
* Also pass LDFLAGS to menuselect (Closes: #664086 for real).
* Fully strip-out the ilbc code (Closes: #665938, #665937).
- Patch ilbc_disable to fix the build.
* Patch httpd_port: Fix port number of Asterisk httpd.
* While we're at it: Closes: #606959, which is a non-issue.
-- Tzafrir Cohen <email address hidden> Wed, 16 May 2012 18:43:18 +0300
-
asterisk (1:1.8.11.1~dfsg-1) unstable; urgency=high
* New upstream release, Closes: #670180:
- AST-2012-004 - further Manager permission fixes (CVE-2012-2414).
- AST-2012-005 - Heap overflow in chan_skinny (CVE-2012-2415).
- AST-2012-006 - Remote crash on SIP "UPDATE" method (CVE-2012-2416).
* Fix daemon status check in init.d script (Closes: #669378).
* Patch menuselect_cflags: allow passing our flags to menuselect's build.
- Use it t opass our CFLAGS to menuselect (Closes: #664086).
-- Tzafrir Cohen <email address hidden> Wed, 25 Apr 2012 12:19:06 +0300
-
asterisk (1:1.8.10.1~dfsg-1) unstable; urgency=low
[ Victor Seva ]
* Update backports/squeeze script gmime2.6 -> gmime2.4
[ Tzafrir Cohen ]
* New upstrean bug-fix release.
- Fixes "[CVE-2012-1183 - CVE-2012-1184] Asterisk: AST-2012-002 and
AST-2012-003 flaws" (Closes: #664411).
* Patch gmime2.6 (Closes: #663998, #664004), also fixed Build-Depends.
* Remove the text of RFC 3951 from the tarball. (Closes: #665937)
-- Mark Purcell <email address hidden> Sat, 31 Mar 2012 08:44:57 +1100
-
asterisk (1:1.8.8.2~dfsg-1) unstable; urgency=high
* New upstream release, fixes AST-2012-001 (Closes: #656596).
* Use CFLAGS and LDFLAGS from dpkg-buildflags (Closes: #653944).
-- Tzafrir Cohen <email address hidden> Fri, 20 Jan 2012 14:16:47 +0200
-
asterisk (1:1.8.8.0~dfsg-1) unstable; urgency=high
[ Faidon Liambotis ]
* Fix Breaks/Conflicts to contain the epoch.
* Urgency high since this resulted in file conflicts when upgrading from
stable.
* Patch reenable-pri-optional: Backport a patch from upstream to fix
several PRI features being compiled-out and hence disabled.
* Bump libpri-dev dependency to 1.4.12; it is not strictly needed but extra
functionality is enabled at build-time.
[ Tzafrir Cohen ]
* New upstream release. Closes: #651552.
- Patch reenable-pri-optional dropped: included upstream.
* Officially remove asterisk-h323:
- Break older versions, as it did not have a versioned Depends before.
- Remove the package.
* Update watch file to only check for 1.8.x tarballs.
-- Tzafrir Cohen <email address hidden> Sun, 18 Dec 2011 00:50:02 +0200
-
asterisk (1:1.8.7.1~dfsg-3) unstable; urgency=high
[ Faidon Liambotis ]
* Fix Breaks/Conflicts to contain the epoch.
* Urgency high since this resulted in file conflicts when upgrading from
stable.
* Patch reenable-pri-optional: Backport a patch from upstream to fix
several PRI features being compiled-out and hence disabled.
* Bump libpri-dev dependency to 1.4.12; it is not strictly needed but extra
functionality is enabled at build-time.
[ Tzafrir Cohen ]
* Officially remove asterisk-h323:
- Break older versions, as it did not have a versioned Depends before.
- Remove the package.
-- Tzafrir Cohen <email address hidden> Sun, 27 Nov 2011 00:22:08 +0200
-
asterisk (1:1.8.7.1~dfsg-1) unstable; urgency=high
[ Tzafrir Cohen ]
* New upstream release (Closes: #647252):
- Patch refix_bashism removed: applied upstream.
- Patch openssl10 removed: applied upstream.
- Patch gmime-2.4 removed: applied upstream.
- Patch gcc46 removed - was a backport from upstream.
* Disable chan_h323: broken with curren h323plus, and not loved by upstream.
* Patch chan_iax2-detach-thread-on-non-stop-exit: Hopefully plugs a
memory leak. EXPERIMENTAL. DO NOT UPLOAD WITH THIS FOR NOW.
* Patch reinclude_docs: a copy of the included documentation that was
removed.
* Patch sparc32_disable: Remove pointless optimization for sparc64
[ Paul Belanger ]
* Bump libpri-dev to 1.4.11.
* Ensure sub-packages with asterisk modules are the same version as the
binary.
-- Tzafrir Cohen <email address hidden> Fri, 11 Nov 2011 17:48:03 +0200
-
asterisk (1:1.8.4.4~dfsg-2) unstable; urgency=low
* Don't mark en-gsm sound files as enabled, so they won't be downloaded. -- Tzafrir Cohen <email address hidden> Mon, 04 Jul 2011 23:19:50 +0300
-
asterisk (1:1.8.4.3-1) unstable; urgency=high
* New upstream point release, fixes 3 remotely-explitables (of sort) bugs: - AST-2011-008, CVE-2011-2529 (Closes: #631446) - AST-2011-009 (Closes: #631445) - AST-2011-010, CVE-2011-2535 (Closes: #631448) -- Tzafrir Cohen <email address hidden> Fri, 24 Jun 2011 00:51:49 +0300
-
asterisk (1:1.8.4.2-1) unstable; urgency=low
* New upstream point release: - Fixes CVE-2011-2216 - AST-2011-007 (Closes: #629130). * Patch gcc46: Fix the induced regression. * Blacklist SRTP support on Sparc and hurd-i386 until SRTP available there. -- Tzafrir Cohen <email address hidden> Fri, 03 Jun 2011 23:20:29 +0300
-
asterisk (1:1.6.2.9-2+squeeze2) stable-security; urgency=high
* Patch AST-2011-002 (CVE-2011-1147): Multiple crash vulnerabilities in UDPTL code (Closes: #614580). * Patch AST-2011-005 (CVE-2011-1507): Resource exhaustion in Asterisk Manager Interface. * Patch AST-2011-005-p2: Resource exhaustion in chan_skinny and AJAM - second part of the above (Closes: #618790). * Patch AST-2011-006: Check for "system" privilege in the manager interface (Closes: #623775). * Patches AST-2011-003, manager_manager_bugfix_reload - its pre-requirements. * Patch AST-2011-004: Remote crash vulnerability in TCP/TLS server (Closes: #618791). -- Tzafrir Cohen <email address hidden> Sat, 23 Apr 2011 17:35:01 +0300
-
asterisk (1:1.6.2.9-2+squeeze1) stable-security; urgency=high
* AST-2011-001/CVE-2011-0495: Stack buffer overflow in SIP channel driver (Closes: #610487) -- Faidon Liambotis <email address hidden> Thu, 10 Feb 2011 19:03:02 +0200
-
asterisk (1:1.6.2.9-2) unstable; urgency=high
[ Tzafrir Cohen ]
* Bump Standards version to 3.9.0 (no change needed).
* rtcp_cli_fix: Backport a silly CLI parsing issue. (Closes: #589736)
* Patch typos: fix a few typos in the source.
* Patch man_hyphen: fix hyphen/minus issues in man pages.
* Remove useless binaries aelparse, conf2ael and muted.
[ Faidon Liambotis ]
* Change the way that we read include files, to accommodate for changes
in GCC 4.4. Taken from upstream's SVN, thanks to Peter Allgeyer for the
patch and Stefan Bauer for preparing an upload. (Closes: #594190)
* Set urgency high for a squeeze-targetted RC bug-fixing upload.
-- Faidon Liambotis <email address hidden> Tue, 07 Sep 2010 21:52:54 +0300
