Change logs for asterisk source package in Maverick

  • asterisk (1:1.6.2.7-1ubuntu1.2) maverick-security; urgency=low
    
      * SECURITY UPDATE: denial of service and possible code execution via
        crafted UDPTL packet
        - debian/patches/AST-2011-002-1.6.2.diff: properly calculate lengths in
          main/udptl.c.
        - CVE-2011-1147
      * SECURITY UPDATE: denial of service via manager session with invalid
        data
        - debian/patches/AST-2011-003-1.6.2.diff: check for errors in
          main/manager.c.
        - CVE-2011-1174
      * SECURITY UPDATE: denial of service via many short TLS sessions
        - debian/patches/AST-2011-004-1.6.2.diff: gracefully handle failures
          in main/tcptls.c.
        - CVE-2011-1175
      * SECURITY UPDATE: denial of service via a series of TCP connections
        - debian/patches/AST-2011-005-1.6.2.diff: add timeouts and session
          limits to main/manager.c, configs/manager.conf.sample,
          channels/chan_sip.c, channels/chan_skinny.c, main/http.c,
          configs/{skinny,sip,http}.conf.sample.
        - CVE-2011-1507
      * SECURITY UPDATE: remote command execution via incomplete system
        privilege check
        - debian/patches/AST-2011-006-1.6.2.diff: correctly check privileges in
          main/manager.c.
        - CVE-2011-1599
      * SECURITY UPDATE: denial of service via crafted packet and SIP channel
        driver
        - debian/patches/AST-2011-008.diff: set proper length in
          channels/chan_sip.c.
        - CVE-2011-2529
      * SECURITY UPDATE: denial of service and possible code execution via
        IAX2 channel driver crafted frame
        - debian/patches/AST-2011-010-1.6.2.diff: validate options in
          channels/chan_iax2.c, main/features.c.
        - CVE-2011-2535
      * SECURITY UPDATE: account name enumeration
        - debian/patches/AST-2011-011-1.6.2.diff: adjust responses in
          channels/chan_sip.c.
        - CVE-2011-2536
     -- Marc Deslauriers <email address hidden>   Tue, 12 Jul 2011 15:44:59 -0400
  • asterisk (1:1.6.2.7-1ubuntu1.1) maverick-security; urgency=low
    
      * SECURITY UPDATE: Stack buffer overflow in SIP channel driver. (LP: #705014)
        - debian/patches/AST-2011-001-1.6.2: The size of the output buffer passed
          to the ast_uri_encode function is now properly respected in main/utils.c.
          Patch courtesy of upstream.
        - CVE-2011-0495
     -- Dave Walker (Daviey) <email address hidden>   Thu, 20 Jan 2011 23:36:57 +0000
  • asterisk (1:1.6.2.7-1ubuntu1) maverick; urgency=low
    
      * Merge from debian unstable (LP: #597792), remaining changes:
        - debian/control:
          + Build-depend on hardening-wrapper
          + Change Maintainer
          + Removed Uploaders field.
          + Removed Debian Vcs-Svn entry and replaced with ubuntu-voip Vcs-Bzr,
            to reflect divergence in packages.
        - debian/rules: Make use of hardening-wrapper
        - debian/asterisk.init: chown /dev/dahdi
        - debian/backports/hardy: add file
        - debian/backports/asterisk.init.hardy: add file
    
    asterisk (1:1.6.2.7-1) unstable; urgency=low
    
      * New upstream release
      * Add Build-Depends: libsqlite0-dev | libsqlite-dev
      * Included upstream: followme_prompts sqlite3_func_rename
    
    asterisk (1:1.6.2.6-2) unstable; urgency=low
    
      * Also depend on openr2.
      * Patch fxs_ports_1626: fixes regression when building with openr2 support.
    
    asterisk (1:1.6.2.6-1) unstable; urgency=low
    
      * New upstream release.
        - Fixes AST-2010-003 - CVE-2010-1224 (Closes: #576560).
      * Patch h323-fix-makefile dropped: merged upstream.
      * Patch safe_asterisk-config: Mostly merged upstream.
      * Patch moh_datadir: Make the datadir the default base for moh files
        if a relative path is used.
      * Patch dahdi-fxsks-hookstate: a newer version.
      * sounds/en/ is now an alternative. English sounds installed to
        en_US_f_Allison .
      * Removed empty es/ and fr/ directories under sounds/
      * Patch settings_show_dirs: display the user values of more configurable
        items.
      * Patch dahdi_fxs_false_ringing: Fix having Astribank FXS-s keep ringing if
        answered too soon.
      * Patch followme_prompts: set proper vars when reading followme.conf
      * Patch sqlite3_func_rename: Avoid issues with the name sqlite3_log .
      * Patch h323-extra-target: Allow manually generating channels/h323/Makefile.ast
      * And use it to generate the file before building, as otherwise some libs
        are missing from the link command, resulting in chan_h323.so load fail.
     -- Lorenzo De Liso <email address hidden>   Wed, 23 Jun 2010 19:37:50 +0200
  • asterisk (1:1.6.2.5-0ubuntu1) lucid; urgency=low
    
      * New upstream bugfix release (1.6.2.5)
       * Security Fixes:
        - AST-2010-003: Invalid parsing of ACL rules can compromise security
        - AST-2010-002: Dialplan injection vulnerability
    
      * Remaining Ubuntu-specific changes:
        - debian/control: Build-depend on hardening-wrapper
        - debian/rules: Make use of hardening-wrapper
        - debian/control: Change Maintainer
        - debian/control: Removed Uploaders field.
        - debian/control: Removed Debian Vcs-Svn entry and replaced with
            ubuntu-voip Vcs-Bzr, to reflect divergence in packages.
        - debian/asterisk.init : chown /dev/dahdi
        - debian/backports/hardy : add file
        - debian/backports/asterisk.init.hardy : add file
     -- Jean-Michel Dault <email address hidden>   Tue, 13 Apr 2010 16:27:27 -0400