-
asterisk (1:11.13.1~dfsg-2+deb8u5) jessie-security; urgency=medium
* CVE-2017-17090 / /AST-2017-013: memory leak from chan_skinny
(Closes: #883342).
* Note: advisories AST-2017-009 - AST-2017-012 do not apply to asterisk 11
(Closes: #881257, #881256).
-- Tzafrir Cohen <email address hidden> Fri, 29 Dec 2017 23:24:50 +0200
-
asterisk (1:11.13.1~dfsg-2+deb8u4) jessie-security; urgency=high
* CVE-2017-14603 / AST-2017-008
This is a follow-up for AST-2017-005: RTP/RTCP information leak
improving robustness of the security fix and fixing a regression
with re-INVITEs (Closes: #876328)
-- Bernhard Schmidt <email address hidden> Sat, 23 Sep 2017 21:07:18 +0200
-
asterisk (1:11.13.1~dfsg-2+deb8u2) jessie; urgency=medium
* AST-2016-009: non-printable ASCII chars treated as whitespace (CVE-2016-9938)
(Closes: #847668)
-- Bernhard Schmidt <email address hidden> Tue, 03 Jan 2017 23:54:39 +0100
-
asterisk (1:11.13.1~dfsg-2) testing-proposed-updates; urgency=high
* New upstream release: fixes AST-2014-011 (CVE-2014-3566, POODLE).
* Add a local gbp.conf for branch jessie
* New patches for recent security issues (Closes: #771463):
- AST-2014-012 (CVE-2014-8412): Mixed IP address families in ACLs
may permit unwanted traffic
- AST-2014-014 (CVE-2014-8414): High call load may result in hung
channels in ConfBridge
- AST-2014-017 (CVE-2014-8417): Mark CONFBRIDGE as a sensitive
function for external APIs
- AST-2014-018 (CVE-2014-8418): Mark DB as a sensitive function for
external APIs
* AST-2014-019.patch (CVE-2014-9374): Remote Crash Vulnerability in
WebSocket Server (Closes: #773230).
* sanity check to avoid changing the ABI hash.
-- Tzafrir Cohen <email address hidden> Thu, 01 Jan 2015 01:25:11 +0200
-
asterisk (1:11.13.0~dfsg-1) unstable; urgency=medium
* New upstream release.
- Drop aelparse_manpage.patch and smsq_manpage.patch, fixed upstream.
* Fix an out of bounds error in res_fax.c.
* Allow res_calendar_ews to work with neon 0.30.x (Closes: #761677).
* Build with all hardening options enabled.
-- Jeremy Lainé <email address hidden> Fri, 26 Sep 2014 12:30:57 +0200
-
asterisk (1:11.12.1~dfsg-1) unstable; urgency=high
* New upstream security release, fixes:
- AST-2014-010 a.k.a. CVE-2014-6610 (Closes: #762164).
-- Jeremy Lainé <email address hidden> Mon, 22 Sep 2014 09:53:31 +0200
-
asterisk (1:11.12.0~dfsg-1) unstable; urgency=medium
* New upstream release.
- Drop pbx_lua_regression patch, fixed upstream.
* Make asterisk Provide asterisk-$$AST_BUILDOPT_SUM (Closes: #689109).
-- Jeremy Lainé <email address hidden> Wed, 20 Aug 2014 15:23:03 +0200
-
asterisk (1:11.11.0~dfsg-2) unstable; urgency=medium
* Fix loading lua modules from pbx_lua (Closes: #756425).
* Ship the aelparse utility (Closes: #747866).
-- Jeremy Lainé <email address hidden> Thu, 07 Aug 2014 13:00:58 +0200
-
asterisk (1:11.11.0~dfsg-1) unstable; urgency=medium
* New upstream release.
- Drop safe_asterisk-config and safe_asterisk-nobg patches, fixed upstream
in bug ASTERISK-23492.
- Update pjproject patch.
* Remove svn-upgrade from watch file.
-- Jeremy Lainé <email address hidden> Fri, 11 Jul 2014 00:59:13 +0200
-
asterisk (1:11.10.2~dfsg-1) unstable; urgency=high
* New upstream security release, fixes:
- AST-2014-006: Asterisk Manager User Unauthorized Shell Access
- AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections
-- Jeremy Lainé <email address hidden> Fri, 13 Jun 2014 22:02:37 +0200
-
asterisk (1:11.10.0~dfsg-1) unstable; urgency=medium
* New upstream release.
-- Jeremy Lainé <email address hidden> Mon, 02 Jun 2014 16:06:27 +0200
-
asterisk (1:11.9.0~dfsg-2) unstable; urgency=medium
* Rollback changes to init script (Closes: #749024).
-- Jeremy Lainé <email address hidden> Tue, 27 May 2014 09:17:06 +0200
-
asterisk (1:11.9.0~dfsg-1) unstable; urgency=medium
[ Jeremy Lainé ]
* New upstream release.
- Drop ASTERISK-23310 patch, fixed upstream.
- Drop dahdi_pri_event_removed patch, fixed upstream.
- Drop freeradius-client patch, fixed upstream.
- Update pjproject patch.
* Provide a manpage for smsq.
* Use "set -e" in asterisk.(postrm|prerm) (fixes lintian warning).
* Add upstream GPG signature check to watch file.
* Add Daniel Pocock to uploaders.
[ Daniel Pocock ]
* Make init script more adaptable for multiple instances.
[ Tzafrir Cohen ]
* pri_destroy_span_prilist.patch, sigpri_handle_enodev_1.patch: fix
regressions due to dahdi_pri_event_removed.
-- Jeremy Lainé <email address hidden> Wed, 21 May 2014 12:03:09 +0200
-
asterisk (1:11.8.1~dfsg-1) unstable; urgency=high
* New upstream security release (Closes: #741313).
-- Jeremy Lainé <email address hidden> Tue, 11 Mar 2014 07:44:54 +0100
-
asterisk (1:11.8.0~dfsg-2) unstable; urgency=medium
* Really fix versioned Breaks/Replaces for asterisk-dahdi (Closes: #732419).
-- Jeremy Lainé <email address hidden> Thu, 06 Mar 2014 07:38:11 +0100
-
asterisk (1:11.7.0~dfsg-1) unstable; urgency=high
* New upstream security release (Closes: #732355).
- Drop astdb_mans patch, fixed upstream.
* Fix versioned Breaks/Replaces for asterisk-dahdi (Closes: #732419).
-- Jeremy Lainé <email address hidden> Wed, 18 Dec 2013 09:47:58 +0100
-
asterisk (1:11.5.1~dfsg1-1) unstable; urgency=low
* Remove res/pjproject from the source tarball (Closes: #725210).
-- Jeremy Lainé <email address hidden> Thu, 03 Oct 2013 09:25:06 +0200
-
asterisk (1:1.8.13.1~dfsg-3) unstable; urgency=high
* Rewrtote sip.conf parts of AST-2012-014: dropped patches
fix-sip-tcp-no-FILE and fix-sip-tls-leak.
* Reverting other changes rejected by the release team: README.Debian,
powerpcspe and fix_xmpp_19532 dropped (#545272 and #701505 reopened).
-- Tzafrir Cohen <email address hidden> Tue, 09 Apr 2013 13:23:07 +0300