
Accepted asterisk 1:1.8.13.1~dfsg1-3+deb7u4 (source all i386) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 Apr 2016 16:03:02 +0200
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config
Architecture: source all i386
Version: 1:1.8.13.1~dfsg1-3+deb7u4
Distribution: wheezy-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description: 
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-dbg - Debugging symbols for Asterisk
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
Closes: 741313 762164 771463 782411
Changes: 
 asterisk (1:1.8.13.1~dfsg1-3+deb7u4) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * CVE-2014-6610 (in AST-2014-010-11.diff) (Closes: #762164)
     Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1
     and Certified Asterisk 11.6 before 11.6-cert6, when using the
     res_fax_spandsp module, allows remote authenticated users to
     cause a denial of service (crash) via an out of call message,
     which is not properly handled in the ReceiveFax dialplan
     application.
   * CVE-2014-4046 (in AST-2014-006-11.6.diff)
     Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1
     and Certified Asterisk 11.6 before 11.6-cert3 allows remote
     authenticated Manager users to execute arbitrary shell commands
     via a MixMonitor action.
   * CVE-2014-2286 (in AST-2014-001-1.8.15.diff) (Closes: #741313)
     main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x
     before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk
     1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote
     attackers to cause a denial of service (stack consumption) and
     possibly execute arbitrary code via an HTTP request with a large
     number of Cookie headers.
   * CVE-2014-8412 (in AST-2014-012-1.8.diff) (Closes: #771463)
     The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager
     Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1,
     11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1
     and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before
     11.6-cert8 allows remote attackers to bypass the ACL restrictions
     via a packet with a source IP that does not share the address family
     as the first ACL entry.
   * CVE-2014-8418 (in AST-2014-018-1.8.diff) (Closes: #771463)
     The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32,
     11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and
     Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8
     allows remote authenticated users to gain privileges via a call from
     an external protocol, as demonstrated by the AMI protocol.
   * CVE-2015-3008 (in AST-2015-003-1.8.diff) (Closes: #782411)
     Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x
     before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28
     before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before
     13.1-cert2, when registering a SIP TLS device, does not properly
     handle a null byte in a domain name in the subject's Common Name (CN)
     field of an X.509 certificate, which allows man-in-the-middle attackers
     to spoof arbitrary SSL servers via a crafted certificate issued by a
     legitimate Certification Authority.
Checksums-Sha1: 
Checksums-Sha256: 
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----