-
asterisk (1:1.6.2.9-2+squeeze12) oldstable-security; urgency=high
* Backport of fixes in Asterisk 1.8.24.1 (Closes: #732355):
- Patch AST-2013-006: fixes a buffer overflow in app_sms.
- Patch AST-2013-007: guards access to code execution from remote interfaces
- but patch out the change in asterisk.conf.
- Patch ASTERISK-20658: fixes potential crash with asterisk-realtime
-- Tzafrir Cohen <email address hidden> Fri, 20 Dec 2013 21:00:49 +0200
-
asterisk (1:1.6.2.9-2+squeeze11) oldstable-security; urgency=high
* Patch AST-2013-004 (CVE-2013-5641): chan_sip: crash in ACK to SDP
* Patch AST-2013-005 (CVE-2013-5642): Fix crash caused by invalid SDP
(Closes: #721220).
* Update VCS links.
-- Tzafrir Cohen <email address hidden> Thu, 29 Aug 2013 21:31:43 +0300
-
asterisk (1:1.6.2.9-2+squeeze10) stable-security; urgency=high
* Fix typo in patch AST-2012-015 (Closes: #698112, #698118).
* Fix an error in patch AST-2012-014 (Javier Serrano Polo).
-- Tzafrir Cohen <email address hidden> Mon, 14 Jan 2013 15:15:28 +0200
-
asterisk (1:1.6.2.9-2+squeeze6) stable-security; urgency=high
* Patch AST-2012-007 (CVE-2012-2947): Fix IAX receiving HOLD without
suggested MOH class crash (Closes: #675204).
* Patch AST-2012-008 (CVE-2012-2948): remote crash issue in chan_skinny
(Closes: #675210).
- Patch skinny_fix_16040: A minor bugfix required to cleanly apply it.
-- Tzafrir Cohen <email address hidden> Wed, 30 May 2012 15:01:36 +0300
-
asterisk (1:1.6.2.9-2+squeeze5) stable-security; urgency=high
* Do include patch AST-2011-014.
* Quote paths in postinst script: Closes: #656208 (Pocos).
* Patch AST-2012-002 Stack overflow in Milliwatt
(CVE-2012-1183): Closes: #664411.
* Two extra patches: Closes: #670180:
- Patch AST-2012-004 - further Manager permission fixes (CVE-2012-2414).
- Patch AST-2012-005 - Heap overflow in chan_skinny (CVE-2012-2415).
-- Tzafrir Cohen <email address hidden> Wed, 25 Apr 2012 12:00:20 +0300
-
asterisk (1:1.6.2.9-2+squeeze4) stable-security; urgency=high
[ Kilian Krause ]
* Fix sporadic segfault in chan_sip.so (Closes: #630381).
[ Tzafrir Cohen ]
* Patch fix_bridging_crash: segfault in bridging API (Closes: #639821).
* README.Debian: clarify datadir paths (regarding #628415).
* Patch AST-2011-014 (CVE-2011-4598) - Remote crash possibility with
SIP and the “automon” feature enabled Closes: #651552.
inapplicable to Lenny).
* Patch AST-2011-013 (CVE-2011-4597): potential remote information
disclosure.
- The patch changes the sample sip.conf. We change the sample
config files, but not the files under /etc/asterisk.
-- Tzafrir Cohen <email address hidden> Sun, 18 Dec 2011 22:20:47 +0200
-
asterisk (1:1.6.2.9-2+squeeze3) stable-security; urgency=high
* Patch AST-2011-008 (CVE-2011-2529) - crash on a malformed SIP packet
(Closes: 631446).
* Patch AST-2011-010 (CVE-2011-2535): crash due to dereferencing a remote
pointer (closes: #631448).
* AST-2011-011 (CVE-2011-2536): Don't leak SIP username information
(closes: #632029)
-- Tzafrir Cohen <email address hidden> Fri, 01 Jul 2011 14:57:12 +0300
-
asterisk (1:1.6.2.9-2+squeeze2) stable-security; urgency=high
* Patch AST-2011-002 (CVE-2011-1147): Multiple crash vulnerabilities in UDPTL code (Closes: #614580).
* Patch AST-2011-005 (CVE-2011-1507): Resource exhaustion in Asterisk Manager Interface.
* Patch AST-2011-005-p2: Resource exhaustion in chan_skinny and AJAM - second part of the above (Closes: #618790).
* Patch AST-2011-006: Check for "system" privilege in the manager interface (Closes: #623775).
* Patches AST-2011-003, manager_manager_bugfix_reload - its pre-requirements.
* Patch AST-2011-004: Remote crash vulnerability in TCP/TLS server (Closes: #618791).
-- Tzafrir Cohen <email address hidden> Sat, 23 Apr 2011 17:35:01 +0300
-
asterisk (1:1.6.2.9-2+squeeze1) stable-security; urgency=high
* AST-2011-001/CVE-2011-0495: Stack buffer overflow in SIP channel driver (Closes: #610487)
-- Faidon Liambotis <email address hidden> Thu, 10 Feb 2011 19:03:02 +0200
-
asterisk (1:1.6.2.9-2) unstable; urgency=high
[ Tzafrir Cohen ]
* Bump Standards version to 3.9.0 (no change needed).
* rtcp_cli_fix: Backport a silly CLI parsing issue. (Closes: #589736)
* Patch typos: fix a few typos in the source.
* Patch man_hyphen: fix hyphen/minus issues in man pages.
* Remove useless binaries aelparse, conf2ael and muted.
[ Faidon Liambotis ]
* Change the way that we read include files, to accommodate for changes
in GCC 4.4. Taken from upstream's SVN, thanks to Peter Allgeyer for the
patch and Stefan Bauer for preparing an upload. (Closes: #594190)
* Set urgency high for a squeeze-targeted RC bug-fixing upload.
-- Faidon Liambotis <email address hidden> Tue, 07 Sep 2010 21:52:54 +0300
-
asterisk (1:1.6.2.9-1) unstable; urgency=low
* NOT RELEASED YET
* New upstream release (Closes: #585156).
- Patch dahdi_fxs_false_ringing removed: merged upstream.
- Patch fxs_ports_1626 removed: merged upstream.
* Fix dependencies so we start after named and such (Closes: #433779).
* Do use libresample (app_jack, codec_resample).
-- Tzafrir Cohen <email address hidden> Tue, 29 Jun 2010 23:53:28 +0300
-
asterisk (1:1.6.2.6-1) unstable; urgency=low
* New upstream release.
- Fixes AST-2010-003 - CVE-2010-1224 (Closes: #576560).
* Patch h323-fix-makefile dropped: merged upstream.
* Patch safe_asterisk-config: Mostly merged upstream.
* Patch moh_datadir: Make the datadir the default base for moh files
if a relative path is used.
* Patch dahdi-fxsks-hookstate: a newer version.
* sounds/en/ is now an alternative. English sounds installed to
en_US_f_Allison .
* Removed empty es/ and fr/ directories under sounds/
* Patch settings_show_dirs: display the user values of more configurable
items.
* Patch dahdi_fxs_false_ringing: Fix having Astribank FXS-s keep ringing if
answered too soon.
* Patch followme_prompts: set proper vars when reading followme.conf
* Patch sqlite3_func_rename: Avoid issues with the name sqlite3_log .
* Patch h323-extra-target: Allow manually generating channels/h323/Makefile.ast
* And use it to generate the file before building, as otherwise some libs
are missing from the link command, resulting in chan_h323.so load fail.
-- Tzafrir Cohen <email address hidden> Sat, 10 Apr 2010 21:18:39 +0300
-
asterisk (1:1.6.2.2-1) unstable; urgency=medium
[ Faidon Liambotis ]
* Relax Debian revision parsing regexp in debian/rules to help with parsing
derivatives (e.g. Ubuntu) and backports.org revisions.
* Urgency medium because of a security fix upload.
* Bump Standards-Version to 3.8.4, no changes needed.
* Add ${misc:Depends} on all packages; no functional change, just makes
lintian happier.
* Use $remote_fs instead of $local_fs in init script's Required-{Start,Stop}
since we use /usr. Thanks lintian!
[ Tzafrir Cohen ]
* New upstream release. Fixes CVE-2010-0441 (AST-2010-001).
* Patch sound_files: configure asterisk not to download the new MoH files.
* Move sound files tarball to a safe place, as the patch we used to
protect them is apparently not in effect at clean time.
-- Faidon Liambotis <email address hidden> Sun, 07 Feb 2010 15:13:47 +0200
-
asterisk (1:1.6.2.0-1) unstable; urgency=low
* New upstream release.
* Use DEP3 to tag all of our patches and their merge status.
-- Faidon Liambotis <email address hidden> Mon, 21 Dec 2009 06:19:38 +0200
-
asterisk (1:1.6.2.0~rc7-1) unstable; urgency=high
* New upstream release candidate.
- Fixes RTP comfort noise issues: CVE-2009-4055 (Closes: #559103).
-- Tzafrir Cohen <email address hidden> Wed, 02 Dec 2009 20:47:02 +0200
-
asterisk (1:1.6.2.0~dfsg~rc1-1) unstable; urgency=low
[ Faidon Liambotis ]
* New upstream release.
- Fixes CVE-2009-2726 aka AST-2009-005 (Closes: #541441).
- Ship CC BY-SA 3.0 licensed music-on-hold sounds, replacing the old
non-free FreePlay Music that were never distributed by Debian.
- Removed patches/makefile_appdocs_dtd (merged upstream) and
patches/disable_moh (obsoleted, see above).
* Fix FTBFS on armel. (Closes: #532971)
* Bump Standards-Version to 3.8.3, no changes needed.
* Provides: asterisk-1.6.2, instead of 1.6.1; there are no ABI guarantees
between 1.6.x releases.
* Remove references of Section: comm in individual binary packages as it is
inherited from the source package.
[ Tzafrir Cohen ]
* Patch hardware_dtmf_mute_fix removed: Applied upstream.
* No need for a separate app_directory_odbc (will use app_voicemail_odbc).
* Fix name of voicemail 'openssl' dep. (Thomas Renard) (Closes: #539150)
* Patch AST-2009-006: breaks IAX2 compatibility, note it in NEWS.Debian.
(Closes: #539473)
-- Faidon Liambotis <email address hidden> Sun, 13 Sep 2009 02:22:17 +0300
-
asterisk (1:1.4.21.2~dfsg-3) unstable; urgency=medium
[ Faidon Liambotis ]
* Fix a segfault that occurred on AEL parsing on amd64 systems.
(Closes: #507883)
* Remove bristuff/app-meetme-avoid-overflows patch as it apparently causes
more problems than it solves (if any).
(Closes: #505310)
* Urgency medium because of the RC bugfix.
[ Patrick Matthäi ]
* Bumped Standards-Version to 3.8.0.
[ Mark Purcell ]
* Update debian/watch
-- Faidon Liambotis <email address hidden> Sun, 04 Jan 2009 21:07:37 +0200