-
asterisk (1:16.2.1~dfsg-1+deb10u2) buster; urgency=medium
* CVE-2019-15297: AST-2019-004
Crash when negotiating for T.38 with a declined stream (Closes: #940060)
* CVE-2019-18790: AST-2019-006
SIP request can change address of a SIP peer (Closes: #947381)
* CVE-2019-18610: AST-2019-007
AMI user could execute system commands (Closes: #947377)
* Fix use-after-free with TEST_FRAMEWORK enabled (Closes: #966334)
* Fix segfault in pjsip show history with IPv6 peers (Closes: #882145)
-- Bernhard Schmidt <email address hidden> Thu, 27 Aug 2020 00:53:40 +0200
-
asterisk (1:16.2.1~dfsg-1+deb10u1) buster; urgency=medium
* AST-2019-002 / CVE-2019-12827
Buffer overflow in res_pjsip_messaging (Closes: #931980)
* AST-2019-003 / CVE-2019-13161
Remote Crash Vulnerability in chan_sip (Closes: #931981)
* d/gbp.conf: Update for Buster branch
-- Bernhard Schmidt <email address hidden> Tue, 20 Aug 2019 22:31:36 +0200
-
asterisk (1:16.2.1~dfsg-1) unstable; urgency=medium
* New upstream version 16.2.1~dfsg
- CVE-2019-7251 / AST-2019-001 (Closes: #923690)
Remote crash vulnerability with SDP protocol violation
* Bump dependency on libjansson-dev to >= 2.11 (required by upstream)
-- Bernhard Schmidt <email address hidden> Thu, 07 Mar 2019 23:13:24 +0100
-
asterisk (1:16.2.0~dfsg-1) unstable; urgency=medium
* New upstream version 16.2.0~dfsg
-- Bernhard Schmidt <email address hidden> Wed, 20 Feb 2019 23:49:31 +0100
-
asterisk (1:16.1.1~dfsg-1) unstable; urgency=medium
Upload new major version to unstable
[ Bernhard Schmidt ]
* New upstream version 16.1.1 (Closes: #886984, #917481)
- build with embedded pjproject 2.8 (dfsg-repacked)
- Add lintian overrides for bundled library
- Reenable app_macro, many dialplans need it
* Update d/watch for Asterisk 16.x
* Add signing key for Chris Savinovich <email address hidden>
* New upstream version 16.1.0~dfsg
* README.Debian: Fix a typo found by lintian
* Drop libsqlite0-dev, deprecated
* Do not load any local channel drivers by default (Closes: #821392)
* asterisk.service: Attempt to run with realtime priority by default
(Closes: #801629)
* Improve/fix some raceconditions in sysv-initscript.
Thanks to Walter Doekes (Closes: #778746)
[ Rob Thomas ]
* Build-Depend on libunbound-dev for async DNS
-- Bernhard Schmidt <email address hidden> Fri, 11 Jan 2019 18:51:43 +0100
-
asterisk (1:13.23.1~dfsg-2) unstable; urgency=medium
* Fix autopkgtest by parsing XML results (Closes: #909689)
-- Bernhard Schmidt <email address hidden> Thu, 03 Jan 2019 16:20:10 +0100
-
asterisk (1:13.23.1~dfsg-1) unstable; urgency=medium
* New upstream version 13.23.1~dfsg
- CVE-2018-17281 / AST-2018-009 (Closes: #909554)
Remote crash vulnerability in HTTP websocket upgrade
* Add lintian overrides for modules
-- Bernhard Schmidt <email address hidden> Tue, 25 Sep 2018 09:59:08 +0200
-
asterisk (1:13.22.0~dfsg-2) unstable; urgency=medium
* Fix/enable autopkgtest
- Do not log disabled tests to stderr
- Look at the correct line in the summary for failed tests
-- Bernhard Schmidt <email address hidden> Wed, 05 Sep 2018 11:30:36 +0200
-
asterisk (1:13.22.0~dfsg-1) unstable; urgency=medium
* New upstream version 13.22.0~dfsg
- CVE-2018-12227 / AST-2018-008 (Closes: #902954)
PJSIP endpoint presence disclosure when using ACL
- pjsip: Increase maximum number of usable ciphers (Closes: #897412)
* Drop d/p/no_uname, not necessary anymore
* Drop d/p/radcli-detection.patch, applied upstream
* Fix d/p/hack-multiple-app-voicemail for upstream libtdl drop
* Unfuzz d/p/amr.patch and d/p/ffmpeg-detection.patch
* Fix FTBFS due to wrong filename for dh_installdocs (Closes: #903412)
-- Bernhard Schmidt <email address hidden> Sun, 22 Jul 2018 23:31:23 +0200
-
asterisk (1:13.20.0~dfsg-1) unstable; urgency=medium
* New upstream version 13.20.0 (Closes: #891227, #891228)
* Reorganize upstream GPG keys
- Split individual signing keys in separate files
- Add new key for Ben Ford <email address hidden>: 0x073B0C1FC9B2E352
- Add new key for Joshua Colp <email address hidden>:
0xCDBEE4CC699E200EB4D46BB79E76E3A42341CE04
* Fix missing/broken Closes: in previous changelog
* Install realtime database schema into asterisk-doc
* Point Vcs-* to salsa
-- Bernhard Schmidt <email address hidden> Tue, 03 Apr 2018 10:59:20 +0200
-
asterisk (1:13.18.5~dfsg-1) unstable; urgency=medium
* New upstream release:
- CVE-2017-17850 / AST-2017-014 (closes: #885072)
- AST-2017-012: Remote Crash Vulnerability in RTCP Stack
* Re-add support for snmp (Closes #851738)
* Don't load dundi, mgcp, skinny and unistim by default
* Avoid parallel build in 'make install'
* tests: realpath is now in coreutils
* asttestmods: enable res_pjsip_pubsub tests
* asttestmods: run asterisk as user asterisk
* asttestmods: disable module test_cel for now
-- Tzafrir Cohen <email address hidden> Thu, 28 Dec 2017 00:20:16 +0200
-
asterisk (1:13.18.3~dfsg-1) unstable; urgency=medium
* New upstream version 13.18.3~dfsg
- CVE-2017-17090 / AST-2017-013
DOS Vulnerability in Asterisk chan_skinny (Closes: #883342)
* Drop duplicate filter line from d/gbp.conf
-- Bernhard Schmidt <email address hidden> Thu, 07 Dec 2017 15:20:29 +0100
-
asterisk (1:13.18.1~dfsg-1) unstable; urgency=medium
* New upstream version 13.18.1~dfsg
- CVE-2017-16671 / AST-2017-010
Buffer overflow in CDR's set user (Closes: #881257)
- CVE-2017-16672 / AST-2017-011
Memory/File Descriptor/RTP leak in pjsip session resource
(Closes: #881256)
- Drop gmime-3.x and srtp 2.1 support patches applied upstream
- Drop pjsip_unresolved_symbol.patch applied upstream
* reproducibility: Sort order of input files for core-en_US.xml generation
* Drop dh --with autotools_dev, default in compat 10
* Add Multi-Arch: foreign to -dev and -doc
* Remove deprecated priority extra
-- Bernhard Schmidt <email address hidden> Thu, 09 Nov 2017 23:35:12 +0100
-
asterisk (1:13.17.2~dfsg-2) unstable; urgency=medium
* Build against libsrtp2
- Add versioned b-d to pjproject 2.7 built with libsrtp2
- d/p/libsrtp-2.1.x.patch: Upstream patch to support libsrtp 2.1.x
* Transition to gmime 3.0 (Closes: #867346)
- d/p/gmime-3.0.patch: Upstream patch to support gmime 3.0
* Bump Standards-Version to 4.1.1, drop obsolete build-deps
* Fix reproducible builds by overwriting kernel version and
machine architecture
-- Bernhard Schmidt <email address hidden> Fri, 06 Oct 2017 23:27:22 +0200
-
asterisk (1:13.17.2~dfsg-1) unstable; urgency=high
* New upstream version 13.17.2~dfsg
- CVE-2017-14603 / AST-2017-008
This is a follow-up for AST-2017-005: RTP/RTCP information leak
improving robustness of the security fix and fixing a regression
with re-INVITEs (Closes: #876328)
-- Bernhard Schmidt <email address hidden> Sat, 23 Sep 2017 20:41:06 +0200
-
asterisk (1:13.17.1~dfsg-1) unstable; urgency=high
* New upstream version 13.17.1, fixing three CVEs
- CVE-2017-14099 / AST-2017-005
Media takeover in RTP stack ("RTP bleed") (Closes: #873907)
- CVE-2017-14100 / AST-2017-006
Shell access command injection in app_minivm (Closes: #873908)
- CVE-2017-14098 / AST-2017-007
Remote Crash Vulerability in res_pjsip (Closes: #873909)
-- Bernhard Schmidt <email address hidden> Sat, 02 Sep 2017 22:34:09 +0200
-
asterisk (1:13.17.0~dfsg-2) unstable; urgency=medium
* Build with -Wl,--as-needed
* Add patch to (hopefully) build reproducibly
* Temporarily add libavdevice-dev to b-d to work around
pjproject issue
-- Bernhard Schmidt <email address hidden> Thu, 17 Aug 2017 21:10:03 +0200
-
asterisk (1:13.14.1~dfsg-2) unstable; urgency=high
[ Tzafrir Cohen ]
* CVE-2017-9358 / AST-2017-004: Memory exhaustion on short SCCP packets
(Closes: #863906)
* Documentation updates in debian/:
- d/p/test_framework.patch: no longer an upstream issue
- d/asterisk-config-custom:
- fix typo: buildbuildpackage (Closes: #860902)
- add comment that dpkg-buildpackage comes from dpkg-dev
-- Bernhard Schmidt <email address hidden> Fri, 02 Jun 2017 14:40:15 +0200
