Change logs for asterisk source package in Jessie

  • asterisk (1:11.13.1~dfsg-2+deb8u5) jessie-security; urgency=medium
    
      * CVE-2017-17090 / /AST-2017-013: memory leak from chan_skinny
        (Closes: #883342).
      * Note: advisories AST-2017-009 - AST-2017-012 do not apply to asterisk 11
        (Closes: #881257, #881256).
    
     -- Tzafrir Cohen <email address hidden>  Fri, 29 Dec 2017 23:24:50 +0200
  • asterisk (1:11.13.1~dfsg-2+deb8u4) jessie-security; urgency=high
    
      * CVE-2017-14603 / AST-2017-008
        This is a follow-up for AST-2017-005: RTP/RTCP information leak
        improving robustness of the security fix and fixing a regression
        with re-INVITEs (Closes: #876328)
    
     -- Bernhard Schmidt <email address hidden>  Sat, 23 Sep 2017 21:07:18 +0200
  • asterisk (1:11.13.1~dfsg-2+deb8u2) jessie; urgency=medium
    
      * AST-2016-009: non-printable ASCII chars treated as whitespace (CVE-2016-9938)
        (Closes: #847668)
    
     -- Bernhard Schmidt <email address hidden>  Tue, 03 Jan 2017 23:54:39 +0100
  • asterisk (1:11.13.1~dfsg-2) testing-proposed-updates; urgency=high
    
    
      * New upstream release: fixes AST-2014-011 (CVE-2014-3566, POODLE).
      * Add a local gbp.conf for branch jessie
      * New patches for recent security issues (Closes: #771463):
        - AST-2014-012 (CVE-2014-8412): Mixed IP address families in ACLs
          may permit unwanted traffic
        - AST-2014-014 (CVE-2014-8414): High call load may result in hung
          channels in ConfBridge
        - AST-2014-017 (CVE-2014-8417): Mark CONFBRIDGE as a sensitive
          function for external APIs
        - AST-2014-018 (CVE-2014-8418): Mark DB as a sensitive function for
          external APIs
      * AST-2014-019.patch (CVE-2014-9374): Remote Crash Vulnerability in
        WebSocket Server (Closes: #773230).
      * sanity check to avoid changing the ABI hash.
    
     -- Tzafrir Cohen <email address hidden>  Thu, 01 Jan 2015 01:25:11 +0200
  • asterisk (1:11.13.0~dfsg-1) unstable; urgency=medium
    
    
      * New upstream release.
        - Drop aelparse_manpage.patch and smsq_manpage.patch, fixed upstream.
      * Fix an out of bounds error in res_fax.c.
      * Allow res_calendar_ews to work with neon 0.30.x (Closes: #761677).
      * Build with all hardening options enabled.
    
     -- Jeremy Lainé <email address hidden>  Fri, 26 Sep 2014 12:30:57 +0200
  • asterisk (1:11.12.1~dfsg-1) unstable; urgency=high
    
    
      * New upstream security release, fixes:
        - AST-2014-010 a.k.a. CVE-2014-6610 (Closes: #762164).
    
     -- Jeremy Lainé <email address hidden>  Mon, 22 Sep 2014 09:53:31 +0200
  • asterisk (1:11.12.0~dfsg-1) unstable; urgency=medium
    
    
      * New upstream release.
        - Drop pbx_lua_regression patch, fixed upstream.
      * Make asterisk Provide asterisk-$$AST_BUILDOPT_SUM (Closes: #689109).
    
     -- Jeremy Lainé <email address hidden>  Wed, 20 Aug 2014 15:23:03 +0200
  • asterisk (1:11.11.0~dfsg-2) unstable; urgency=medium
    
    
      * Fix loading lua modules from pbx_lua (Closes: #756425).
      * Ship the aelparse utility (Closes: #747866).
    
     -- Jeremy Lainé <email address hidden>  Thu, 07 Aug 2014 13:00:58 +0200
  • asterisk (1:11.11.0~dfsg-1) unstable; urgency=medium
    
    
      * New upstream release.
        - Drop safe_asterisk-config and safe_asterisk-nobg patches, fixed upstream
          in bug ASTERISK-23492.
        - Update pjproject patch.
      * Remove svn-upgrade from watch file.
    
     -- Jeremy Lainé <email address hidden>  Fri, 11 Jul 2014 00:59:13 +0200
  • asterisk (1:11.10.2~dfsg-1) unstable; urgency=high
    
    
      * New upstream security release, fixes:
        - AST-2014-006: Asterisk Manager User Unauthorized Shell Access
        - AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections
    
     -- Jeremy Lainé <email address hidden>  Fri, 13 Jun 2014 22:02:37 +0200
  • asterisk (1:11.10.0~dfsg-1) unstable; urgency=medium
    
    
      * New upstream release.
    
     -- Jeremy Lainé <email address hidden>  Mon, 02 Jun 2014 16:06:27 +0200
  • asterisk (1:11.9.0~dfsg-2) unstable; urgency=medium
    
    
      * Rollback changes to init script (Closes: #749024).
    
     -- Jeremy Lainé <email address hidden>  Tue, 27 May 2014 09:17:06 +0200
  • asterisk (1:11.9.0~dfsg-1) unstable; urgency=medium
    
    
      [ Jeremy Lainé ]
      * New upstream release.
        - Drop ASTERISK-23310 patch, fixed upstream.
        - Drop dahdi_pri_event_removed patch, fixed upstream.
        - Drop freeradius-client patch, fixed upstream.
        - Update pjproject patch.
      * Provide a manpage for smsq.
      * Use "set -e" in asterisk.(postrm|prerm) (fixes lintian warning).
      * Add upstream GPG signature check to watch file.
      * Add Daniel Pocock to uploaders.
    
      [ Daniel Pocock ]
      * Make init script more adaptable for multiple instances.
    
      [ Tzafrir Cohen ]
      * pri_destroy_span_prilist.patch, sigpri_handle_enodev_1.patch: fix
        regressions due to dahdi_pri_event_removed.
    
     -- Jeremy Lainé <email address hidden>  Wed, 21 May 2014 12:03:09 +0200
  • asterisk (1:11.8.1~dfsg-1) unstable; urgency=high
    
    
      * New upstream security release (Closes: #741313).
    
     -- Jeremy Lainé <email address hidden>  Tue, 11 Mar 2014 07:44:54 +0100
  • asterisk (1:11.8.0~dfsg-2) unstable; urgency=medium
    
    
      * Really fix versioned Breaks/Replaces for asterisk-dahdi (Closes: #732419).
    
     -- Jeremy Lainé <email address hidden>  Thu, 06 Mar 2014 07:38:11 +0100
  • asterisk (1:11.7.0~dfsg-1) unstable; urgency=high
    
    
      * New upstream security release (Closes: #732355).
        - Drop astdb_mans patch, fixed upstream.
      * Fix versioned Breaks/Replaces for asterisk-dahdi (Closes: #732419).
    
     -- Jeremy Lainé <email address hidden>  Wed, 18 Dec 2013 09:47:58 +0100
  • asterisk (1:11.5.1~dfsg1-1) unstable; urgency=low
    
    
      * Remove res/pjproject from the source tarball (Closes: #725210).
    
     -- Jeremy Lainé <email address hidden>  Thu, 03 Oct 2013 09:25:06 +0200
  • asterisk (1:1.8.13.1~dfsg-3) unstable; urgency=high
    
    
      * Rewrtote sip.conf parts of AST-2012-014: dropped patches
        fix-sip-tcp-no-FILE and fix-sip-tls-leak.
      * Reverting other changes rejected by the release team: README.Debian,
        powerpcspe and fix_xmpp_19532 dropped (#545272 and #701505 reopened).
    
     -- Tzafrir Cohen <email address hidden>  Tue, 09 Apr 2013 13:23:07 +0300