asterisk 1: source package in Ubuntu


asterisk (1: lucid; urgency=low

  [ Dave Walker (Daviey) ]
  * SECURITY UPDATE: ACL not respected on SIP INVITE (LP: #491632).
    - debian/patches/AST-2009-007: Additional check in channels/chan_sip.c to
      check ACL for handling SIP INVITEs.  This blocks calls on networks
      intended to be prohibited, by configuration. Based on upstream patch.
    - AST-2009-007
    - CVE-2009-3723
  * SECURITY UPDATE: SIP responses expose valid usernames (LP: #491637).
    - debian/patches/AST-2009-008: Sanitise certain return of REGISTER message
      to stop a specially crafted series of requests returning valid usernames.
      Based on upstream patch.
    - AST-2009-008
    - CVE-2009-3727
  * SECURITY UPDATE:  RTP Remote Crash Vulnerability (LP: #493555).
    - debian/patches/AST-2009-010: Stops Asterisk from crashing when an RTP
      comfort noise payload containing 24 bytes or greater is recieved.
    - AST-2009-010
    - CVE-2009-4055

  [ Roberto D'Auria ]
  * debian/patches/iax2-heavy-traffic-fix: Stops asterisk crashing on
    heavy traffic on iax2 channel, editing channels/chan_iax2.c.
    Based on upstream patch. (LP: #501116)
 -- Roberto D'Auria <email address hidden>   Wed, 30 Dec 2009 14:49:24 +0100

Upload details

Uploaded by:
Roberto D'Auria on 2009-12-30
Sponsored by:
Devid Antonio Filoni
Uploaded to:
Original maintainer:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section


File Size SHA-256 Checksum
asterisk_1.6.2.0~rc2.orig.tar.gz 21.9 MiB 2c0b8de16dab004c697020bfb8bccf52ee06560e2e99ce3e212364001357e0e9
asterisk_1.6.2.0~rc2-0ubuntu2.diff.gz 64.9 KiB 3c45177f2922899f512b649c58c26230f50126ec299f73699c48b823ddf393cb
asterisk_1.6.2.0~rc2-0ubuntu2.dsc 2.1 KiB 108fc5caa538fbd86c1346cee55045d387d029f2ac3af765b4179b84d1f832a6

View changes file

Binary packages built by this source