This bug was fixed in the package asterisk - 1:1.8.10.1~dfsg-1ubuntu1
---------------
asterisk (1:1.8.10.1~dfsg-1ubuntu1) precise; urgency=low
* Merge from Debian unstable. (LP: #987772, #956578, #956580, #956581)
* Remaining changes:
- debian/asterisk.init: chown /dev/dahdi
- debian/backports/hardy: add file
- debian/backports/asterisk.init.hardy: add file
- Fix building on armhf with debian/patches/armhf-fixes:
+ Flatten linux-gnueabihf in configure to linux-gnu, in
the same way that's already done for linux-gnueabi
* Changes dropped from Ubuntu delta as no longer applicable:
- debian/patches/backport-r312866.diff: Backported from upstream
- debian/control: Build-depend on hardening-wrapper, now handled
by dpkg-buildflags
- debian/rules: Make use of hardening-wrapper
asterisk (1:1.8.10.1~dfsg-1) unstable; urgency=low
[ Victor Seva ]
* Update backports/squeeze script gmime2.6 -> gmime2.4
[ Tzafrir Cohen ]
* New upstrean bug-fix release.
- Fixes "[CVE-2012-1183 - CVE-2012-1184] Asterisk: AST-2012-002 and
AST-2012-003 flaws" (Closes: #664411).
* Patch gmime2.6 (Closes: #663998, #664004), also fixed Build-Depends.
* Remove the text of RFC 3951 from the tarball. (Closes: #665937)
asterisk (1:1.8.10.0~dfsg-1) unstable; urgency=low
[ Tzafrir Cohen ]
* New upstrean release.
* Build-depend on sqlite3 as well (Closes: #531759).
[ Paul Belanger ]
* debian/patch/chan_iax2-detach-thread-on-non-stop-exit:
- Dropped; merged upstream
[ Mark Purcell ]
* New Release:
- Fixes "SHA-1 code is doesn't allow modification" (Closes: #643703)
- Fixes "Placing calls on hold fails with some IP phones" (Closes: #632518)
- Fixes "Pass the correct value to ast_timer_set_rate() for IAX2
trunking." (Closes: #661974)
- Fixes "Call quality on IAX significantly worse than SIP" (Closes: #481702)
- Fixes "New upstream release: 1.8.2.2" (Closes: #610811)
- Fixes "asterisk german number pronunciation" (Closes: #402991)
- Fixes "Why using version 1.6.2.9 - it's not LTS" (Closes: #612147)
- Fixes "SRTP/ZRTP support for Asterisk" (Closes: #577686)
- Fixes "fails to register SIP channels on ARM" (Closes: #660240)
* export CFLAGS LDFLAGS
- Fixes "Hardening flags missing for menuselect" (Closes: #664086)
- Fixes "enable hardening options" (Closes: #542741)
asterisk (1:1.8.8.2~dfsg-1) unstable; urgency=high
* New upstream release, fixes AST-2012-001 (Closes: #656596).
* Use CFLAGS and LDFLAGS from dpkg-buildflags (Closes: #653944).
asterisk (1:1.8.8.0~dfsg-1) unstable; urgency=high
[ Faidon Liambotis ]
* Fix Breaks/Conflicts to contain the epoch.
* Urgency high since this resulted in file conflicts when upgrading from
stable.
* Patch reenable-pri-optional: Backport a patch from upstream to fix
several PRI features being compiled-out and hence disabled.
* Bump libpri-dev dependency to 1.4.12; it is not strictly needed but extra
functionality is enabled at build-time.
[ Tzafrir Cohen ]
* New upstream release. Closes: #651552.
- Patch reenable-pri-optional dropped: included upstream.
* Officially remove asterisk-h323:
- Break older versions, as it did not have a versioned Depends before.
- Remove the package.
* Update watch file to only check for 1.8.x tarballs.
* Quote pathes in postinst script: Closes: #656208 (Pocos).
asterisk (1:1.8.7.1~dfsg-2) unstable; urgency=low
* libncurses is a build dep afterall (Closes: #649431).
asterisk (1:1.8.7.1~dfsg-1) unstable; urgency=high
[ Tzafrir Cohen ]
* New upstream release (Closes: #647252):
- Patch refix_bashism removed: applied upstream.
- Patch openssl10 removed: applied upstream.
- Patch gmime-2.4 removed: applied upstream.
- Patch gcc46 removed - was a backport from upstream.
* Disable chan_h323: broken with current h323plus, and not loved by
upstream.
* Patch chan_iax2-detach-thread-on-non-stop-exit: Hopefully plugs a
memory leak.
* Patch reinclude_docs: a copy of the included documentation that was
removed.
* Patch sparc32_disable: Remove pointless optimization for sparc64
[ Paul Belanger ]
* Bump libpri-dev to 1.4.11.
* Ensure sub-packages with asterisk modules are the same version as the
binary.
-- Andrew Mitchell <ajmi...@ubuntu.com> Tue, 24 Apr 2012 22:15:54 +1200
** Changed in: asterisk (Ubuntu)
Status: Incomplete => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1183
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1184
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/956581
Title:
Stack Buffer Overflow in HTTP Manager
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/956581/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
