Branches for Hardy

Name Status Last Modified Last Commit
lp://staging/ubuntu/hardy/asterisk 2 Mature 2009-09-28 16:38:54 UTC
38. * SECURITY UPDATE: arbitrary code exe...

Author: William Grant
Revision Date: 2008-04-05 11:32:12 UTC

* SECURITY UPDATE: arbitrary code execution and authentication bypass.
  (LP: #210124)
  - debian/patches/CVE-2008-1289: Check that incoming RTP payloads are
    within buffer limits. Patch from Debian.
  - debian/patches/CVE-2008-1332: Ensure that allowguest has been enabled
    before deciding that authentication isn't required. Patch from Debian.
  - debian/patches/CVE-2008-1333: Interpret logging output as a character
    string, not a format string. Patch from Debian.
  - References:
    + CVE-2008-1289
    + CVE-2008-1332
    + CVE-2008-1333
    + AST-2008-002
    + AST-2008-003
    + AST-2008-004
* Modify Maintainer value to match the DebianMaintainerField
  specification.

lp://staging/ubuntu/hardy-security/asterisk 2 Mature 2009-09-28 16:39:29 UTC
39. * SECURITY UPDATE: ACK response spoof...

Author: Brian Thomason
Revision Date: 2009-03-16 17:52:11 UTC

* SECURITY UPDATE: ACK response spoofing
  - added debian/patches/CVE-2008-1897: Adjust chan_iax2.c to use a special
    id to prevent ACK response spoofing. Based on upstream patch.
  - CVE-2008-1897
  - AST-2008-006
* SECURITY UPDATE: POKE request flooding
  - added debian/patches/CVE-2008-3263: Adjust chan_iax2.c to prevent
    'POKE' request flooding. Based on upstream patch.
  - CVE-2008-3263
  - AST-2008-010
* SECURITY UPDATE: firmware packet flooding
  - added debian/patches/CVE-2008-3264: Adjust chan_iax2.c to prevent
    firmware packet flooding. Based on upstream patch.
  - CVE-2008-3264
  - AST-2008-011
* SECURITY UPDATE: information leak in IAX2 authentication
  - added debian/patches/CVE-2009-0041: Adjust chan_iax2.c to fix
    information leak in IAX2 authentication. Based on upstream patch.
  - CVE-2009-0041
  - AST-2009-001
* SECURITY UPDATE: SIP responses expose valid usernames
  - added debian/patches/CVE-2008-3903: Adjust chan_sip.c to make
    it more difficult to scan for available usernames.
  - CVE-2008-3903
  - AST-2009-003
* SECURITY UPDATE: An attacker could hijack a manager session
  - added debian/patches/CVE-2008-1390: Adjust manager.c to
    never assign an invalid id of 0
  - CVE-2008-1390
  - AST-2008-005

lp://staging/ubuntu/hardy-updates/asterisk 2 Mature 2009-09-29 00:37:21 UTC
39. * SECURITY UPDATE: ACK response spoof...

Author: Brian Thomason
Revision Date: 2009-03-16 17:52:11 UTC

* SECURITY UPDATE: ACK response spoofing
  - added debian/patches/CVE-2008-1897: Adjust chan_iax2.c to use a special
    id to prevent ACK response spoofing. Based on upstream patch.
  - CVE-2008-1897
  - AST-2008-006
* SECURITY UPDATE: POKE request flooding
  - added debian/patches/CVE-2008-3263: Adjust chan_iax2.c to prevent
    'POKE' request flooding. Based on upstream patch.
  - CVE-2008-3263
  - AST-2008-010
* SECURITY UPDATE: firmware packet flooding
  - added debian/patches/CVE-2008-3264: Adjust chan_iax2.c to prevent
    firmware packet flooding. Based on upstream patch.
  - CVE-2008-3264
  - AST-2008-011
* SECURITY UPDATE: information leak in IAX2 authentication
  - added debian/patches/CVE-2009-0041: Adjust chan_iax2.c to fix
    information leak in IAX2 authentication. Based on upstream patch.
  - CVE-2009-0041
  - AST-2009-001
* SECURITY UPDATE: SIP responses expose valid usernames
  - added debian/patches/CVE-2008-3903: Adjust chan_sip.c to make
    it more difficult to scan for available usernames.
  - CVE-2008-3903
  - AST-2009-003
* SECURITY UPDATE: An attacker could hijack a manager session
  - added debian/patches/CVE-2008-1390: Adjust manager.c to
    never assign an invalid id of 0
  - CVE-2008-1390
  - AST-2008-005
