Accepted asterisk 1:13.14.1~dfsg-2+deb9u4 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 30 Sep 2018 23:24:10 +0200
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-config
Architecture: source
Version: 1:13.14.1~dfsg-2+deb9u4
Distribution: stretch-security
Urgency: medium
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Description:
asterisk - Open Source Private Branch Exchange (PBX)
asterisk-config - Configuration files for Asterisk
asterisk-dahdi - DAHDI devices support for the Asterisk PBX
asterisk-dev - Development files for Asterisk
asterisk-doc - Source code documentation for Asterisk
asterisk-mobile - Bluetooth phone support for the Asterisk PBX
asterisk-modules - loadable modules for the Asterisk PBX
asterisk-mp3 - MP3 playback support for the Asterisk PBX
asterisk-mysql - MySQL database protocol support for the Asterisk PBX
asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
asterisk-voicemail - simple voicemail support for the Asterisk PBX
asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Closes: 891227 891228 902954 909554
Changes:
asterisk (1:13.14.1~dfsg-2+deb9u4) stretch-security; urgency=medium
.
* AST-2018-004 / CVE-2018-7284: Crash when receiving SUBSCRIBE request
(Closes: #891227)
* AST-2018-005 / CVE-2018-7286: Crash when large numbers of TCP connections
are closed suddenly (Closes: #891228)
* AST-2018-008 / CVE-2018-12227: PJSIP endpoint presence disclosure when
using ACL (Closes: #902954)
* AST-2018-009 / CVE-2018-17281: Remote crash vulnerability in HTTP
websocket upgrade (Closes: #909554)
Checksums-Sha1:
9a3d0f011044550d59f6bf8e2923c431397c4e2e 4133 asterisk_13.14.1~dfsg-2+deb9u4.dsc
d5d169d9367ec8d67cc3aa9f07fed12d0400c050 154060 asterisk_13.14.1~dfsg-2+deb9u4.debian.tar.xz
64bbea1c48356a6dd0c687a3b1fcc939388260af 27619 asterisk_13.14.1~dfsg-2+deb9u4_amd64.buildinfo
Checksums-Sha256:
fae9d4d830d8c45e6c294a27db8c8133bb84671e60a29876416abce9cabdc878 4133 asterisk_13.14.1~dfsg-2+deb9u4.dsc
4a2bbbcd52004c4b3a5a829335737871f0f316cc5998f303b74243858c252255 154060 asterisk_13.14.1~dfsg-2+deb9u4.debian.tar.xz
ca23a882cdb0309c2f412598a28cddb950cdecae8acf80bb7d311b4332ac9301 27619 asterisk_13.14.1~dfsg-2+deb9u4_amd64.buildinfo
Files:
8a617142c87fedca32b83bee1dab0c83 4133 comm optional asterisk_13.14.1~dfsg-2+deb9u4.dsc
e6fe8549c46eefceb013bd4ff2fba769 154060 comm optional asterisk_13.14.1~dfsg-2+deb9u4.debian.tar.xz
b7e962fcb77a55234f6e21e240ede4b0 27619 comm optional asterisk_13.14.1~dfsg-2+deb9u4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAlvDtFkRHGJlcm5pQGRl
Ymlhbi5vcmcACgkQd1B55bhQvJOXlA//Wa/OyyBpgrTSLo0jtgPuvvkzQaUjai8Q
m00ggHJWacLlNj5fFHzUthWuoC26Sy31QziXfBoUBiJ/T8IMOruNh1cs5F0Uw/qA
14PO9irEivgq1aGzPMqJLMXiZofpJU3dz4Jm9hsGCZwtY9SX4k9UroMZYPxaUbIm
wCJ7c+ALOjv1U+aTDTWDQg8h1t1G6MdyBpaughVkuddfx0Sgxf17DNrbq1+OKpTC
P8Z7PAijrWZPuxMyvEkbF5UgbU4B3Kw28kymSMdJhMRHNEuAyE4EmDlnifSwo5a3
Z3O+lW8eN4Y+HhuwPQW+ILdzG/wM8LwBvtMxoF7dSxnh2kg7gWPO9LaQsmuhZoyn
bVrMmRG4M1hryu/1fUh25wH+xuY3ajYJ0G8LXhenyAILyazmI8PKwj7ZGr0JZCl7
bTKLU1rZ/DTuebMG3J6nw6+uykAezWClg/KI5jaZEchxv9eMg2HEigG7wGbDydwh
YmkD7h6NmpM2tw+7+DOoCJvtZWgNAY3vc+9dApGGDJeUVfDV1KfQPF7aSMCHKhF7
2WL9tpvVStVAvKUQUHKyz517eHPVE4GeejLVnwdB9kF2C0koEzfUbY5cFO1wW8Q0
Dt2/LKqa1W452g1iJadnDmIRx2Ry0rWXHQOOk74x3us+w6HLgp5AeAHbwbKecADa
UTCgAhtIYE8=
=m3FA
-----END PGP SIGNATURE-----