Change log for asterisk package in Debian

1 to 75 of 164 results
Published in sid-release
asterisk (1:20.6.0~dfsg+~cs6.13.40431414-2) unstable; urgency=medium

  * update patch 2016 to avoid excessive logging;
    closes: bug#1060275, thanks to Daniel

 -- Jonas Smedegaard <email address hidden>  Tue, 30 Jan 2024 11:42:08 +0100
Superseded in sid-release
asterisk (1:20.6.0~dfsg+~cs6.13.40431414-1) unstable; urgency=medium

  [ upstream ]
  * new release

  [ Jonas Smedegaard ]
  * unfuzz patches
  * update copyright info: update coverage
  * build-depend on libjwt-dev

 -- Jonas Smedegaard <email address hidden>  Fri, 26 Jan 2024 14:53:47 +0100
Superseded in sid-release
asterisk (1:20.5.2~dfsg+~cs6.13.40431414-1) unstable; urgency=medium

  [ upstream ]
  * new release

  [ Jonas Smedegaard ]
  * use systemd.pc to place systemd service unit;
    build-depend on systemd-dev;
    closes: bug#1059180, thanks to Chris Hofstaedtler

 -- Jonas Smedegaard <email address hidden>  Fri, 22 Dec 2023 13:58:28 +0100
Superseded in sid-release
asterisk (1:20.5.1~dfsg+~cs6.13.40431414-1) unstable; urgency=high

  [ upstream ]
  * new release
    + fixes these upstream bugs:
      CVE-2023-49294 CVE-2023-49786;
      closes: bug#1059032, #1059033, thanks to Salvatore Bonaccorso

  [ Jonas Smedegaard ]
  * fix enable opus codec;
    build-depend on libopusenc-dev;
    closes: bug#1025165,
    thanks to Paweł Bogusławski, Faidon Liambotis and Athos Ribeiro
  * set urgency=high due to multiple security bugfixes

 -- Jonas Smedegaard <email address hidden>  Tue, 19 Dec 2023 17:38:11 +0100
Superseded in sid-release
asterisk (1:20.5.0~dfsg+~cs6.13.40431414-1) unstable; urgency=medium

  [ upstream ]
  * new release

  [ Jonas Smedegaard ]
  * unfuzz patches

 -- Jonas Smedegaard <email address hidden>  Sat, 25 Nov 2023 12:25:03 +0100
Published in bullseye-release
asterisk (1:16.28.0~dfsg-0+deb11u3) bullseye-security; urgency=high

  * Non-maintainer upload.
  * Fix CVE-2023-27585:
    A flaw was found in Asterisk, an Open Source Private Branch Exchange. A
    buffer overflow vulnerability affects users that use PJSIP DNS resolver.
    This vulnerability is related to CVE-2022-24793. The difference is that
    this issue is in parsing the query record `parse_query()`, while the issue
    in CVE-2022-24793 is in `parse_rr()`. A workaround is to disable DNS
    resolution in PJSIP config (by setting `nameserver_count` to zero) or use
    an external resolver implementation instead.

 -- Markus Koschany <email address hidden>  Thu, 22 Jun 2023 14:47:22 +0200
Superseded in sid-release
asterisk (1:20.4.0~dfsg+~cs6.13.40431414-2) unstable; urgency=medium

  * build-depend on liblua5.1-dev (not liblua5.2-dev);
    closes: bug#1050625, thanks to Bastian Germann and David
  * update DEP-3 patch headers

 -- Jonas Smedegaard <email address hidden>  Sun, 27 Aug 2023 17:23:31 +0200
Superseded in sid-release
asterisk (1:20.4.0~dfsg+~cs6.13.40431414-1) unstable; urgency=medium

  [ upstream ]
  * new release

  [ Jonas Smedegaard ]
  * stop depend on lsb-base
  * update watch file:
    + fixate component pjproject at upstream release 2.13.1
  * unfuzz patches
  * update copyright info: update coverage

 -- Jonas Smedegaard <email address hidden>  Fri, 04 Aug 2023 21:53:23 +0200
Superseded in sid-release
asterisk (1:20.3.0~dfsg+~cs6.13.40431413-1) unstable; urgency=medium

  [ upstream ]
  * new release

  [ Jonas Smedegaard ]
  * unfuzz patches
  * fix cleanup to support double build;
    thanks to ideal.bowl5022
  * generate core documentation from markdown sources;
    skip generate manpage when nodoc is set;
    build-depend on cmark-cfm

 -- Jonas Smedegaard <email address hidden>  Wed, 21 Jun 2023 08:35:49 +0200
Superseded in bullseye-release
asterisk (1:16.28.0~dfsg-0+deb11u2) bullseye-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2022-23537, CVE-2022-23547, CVE-2022-31031, CVE-2022-37325,
    CVE-2022-39244, CVE-2022-39269, CVE-2022-42705, CVE-2022-42706.
    Multiple security vulnerabilities have been discovered in Asterisk, an Open
    Source Private Branch Exchange. Buffer overflows and other programming
    errors could be exploited for launching a denial of service attack or the
    execution of arbitrary code.

 -- Markus Koschany <email address hidden>  Wed, 22 Feb 2023 23:11:00 +0100
Superseded in sid-release
asterisk (1:20.2.1~dfsg+~cs6.13.40431413-1) unstable; urgency=medium

  [ upstream ]
  * new release

  [ Jonas Smedegaard ]
  * update watch file:
    + fixate component pjproject at upstream release 2.13
  * update copyright info: update coverage
  * unfuzz patches

 -- Jonas Smedegaard <email address hidden>  Thu, 20 Apr 2023 20:31:59 +0200
Superseded in sid-release
asterisk (1:20.1.0~dfsg+~cs6.12.40431414-1) unstable; urgency=medium

  [ upstream ]
  * new release

 -- Jonas Smedegaard <email address hidden>  Fri, 13 Jan 2023 00:26:47 +0100
Deleted in experimental-release (Reason: None provided.)
asterisk (1:20.1.0~~rc2~dfsg+~cs6.12.40431414-1) experimental; urgency=medium

  [ upstream ]
  * new pre-release

  [ Jonas Smedegaard ]
  * update copyright info: update coverage
  * declare compliance with Debian Policy 4.6.2

 -- Jonas Smedegaard <email address hidden>  Sat, 07 Jan 2023 00:24:00 +0100
Superseded in bullseye-release
asterisk (1:16.28.0~dfsg-0+deb11u1) bullseye-security; urgency=high

  * Non-maintainer upload.
  * Fix CVE-2021-37706, CVE-2021-43299, CVE-2021-43300, CVE-2021-43301,
    CVE-2021-43302, CVE-2021-43303, CVE-2021-43804, CVE-2021-43845,
    CVE-2021-46837, CVE-2022-21722, CVE-2022-21723, CVE-2022-23608,
    CVE-2022-24763, CVE-2022-24764, CVE-2022-24786, CVE-2022-24792,
    CVE-2022-24793, CVE-2022-26498, CVE-2022-26499, CVE-2022-26651.
    Multiple security vulnerabilities have been found in Asterisk, an Open
    Source Private Branch Exchange. Buffer overflows and other programming
    errors could be exploited for information disclosure or the execution of
    arbitrary code.

 -- Markus Koschany <email address hidden>  Thu, 17 Nov 2022 12:46:39 +0100
Superseded in sid-release
asterisk (1:20.0.1~dfsg+~cs6.12.40431414-1) unstable; urgency=high

  [ upstream ]
  * new release
    * closes: bug#1017004, thanks to Neil Williams;
      also fixes these upstream bugs:
      ASTERISK-30103 ASTERISK-30176 ASTERISK-30244 ASTERISK-30338
      CVE-2022-37325 CVE-2022-42706 CVE-2022-42705 CVE-2022-39244
      CVE-2022-31031
      GHSA-26j7-ww69-c4qj GHSA-fq45-m3f7-3mhj

  [ Jonas Smedegaard ]
  * fix build module chan_sip;
    closes: bug#1024443, thanks to James Bottomley
  * add NEWS entry about new AMI live_dangerously option
  * set urgency=high due to multiple security bugfixes

 -- Jonas Smedegaard <email address hidden>  Thu, 08 Dec 2022 09:51:21 +0100
Superseded in sid-release
asterisk (1:20.0.0~dfsg+~cs6.12.40431414-2) unstable; urgency=medium

  * re-release for building with auto-builder

 -- Jonas Smedegaard <email address hidden>  Thu, 10 Nov 2022 15:21:24 +0100
Superseded in sid-release
asterisk (1:20.0.0~dfsg+~cs6.12.40431414-1) unstable; urgency=medium

  [ upstream ]
  * new release

 -- Jonas Smedegaard <email address hidden>  Wed, 19 Oct 2022 18:49:49 +0200
Deleted in experimental-release (Reason: None provided.)
asterisk (1:20.0.0~~rc2~dfsg+~cs6.12.40431414-1) experimental; urgency=medium

  [ upstream ]
  * new pre-release

 -- Jonas Smedegaard <email address hidden>  Sat, 08 Oct 2022 10:07:27 +0200
Superseded in experimental-release
asterisk (1:20.0.0~~rc1~dfsg+~cs6.12.40431414-1) experimental; urgency=medium

  [ upstream ]
  * new pre-release

  * update lintian overrides
  * update copyright info:
    + fix separate License section from corresponding Files section
  * update watch file:
    + track upstream branch 20 (not 18)
    + fix avoid secondary capture groups,
      apparently significant nowadays
    + simplify uversionmangle
  * drop patch cherry-picked upstream now applied
  * unfuzz patches
  * set Rules-Requires-Root: no
  * stop install modules dropped upstream:
    app_dahdiras app_mysql cdr_mysql

 -- Jonas Smedegaard <email address hidden>  Tue, 20 Sep 2022 15:29:13 +0200
Superseded in sid-release
asterisk (1:18.14.0~dfsg+~cs6.12.40431414-1) unstable; urgency=medium

  [ upstream ]
  * new release

  [ Jonas Smedegaard ]
  * update watch file: simplify regex
  * relax to build-depend on default-libmysqlclient-dev
    for all architectures
  * unfuzz patches

 -- Jonas Smedegaard <email address hidden>  Tue, 23 Aug 2022 17:40:49 +0200
Superseded in sid-release
asterisk (1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1) unstable; urgency=medium

  [ upstream ]
  * new pre-release;
    embeds an updated PJProject, fixing multiple security issues;
    CVE-2022-24764 CVE-2022-24763 CVE-2022-24786
    CVE-2022-24792 CVE-2022-24793;
    closes: bug#1014976

  [ Jonas Smedegaard ]
  * update watch file:
    + fixate component pjproject at upstream release 2.12.1
    + track pre-releases
  * update copyright info:
    + update primary Source URI
    + update coverage

 -- Jonas Smedegaard <email address hidden>  Sat, 30 Jul 2022 10:16:47 +0200
Superseded in bullseye-release
asterisk (1:16.16.1~dfsg-1+deb11u1) bullseye-security; urgency=medium

  * CVE-2021-32558 / AST-2021-008 (Closes: #991710)
    If the IAX2 channel driver receives a packet that contains an unsupported
    media format it can cause a crash to occur in Asterisk
  * CVE-2021-32686 / AST-2021-009 (Closes: #991931)
    pjproject/pjsip: crash when SSL socket destroyed during handshake
  * d/gbp.conf for Bullseye branch

 -- Bernhard Schmidt <email address hidden>  Mon, 09 Aug 2021 08:48:31 +0200
Superseded in sid-release
asterisk (1:18.12.0~dfsg+~cs6.12.40431413-1) unstable; urgency=medium

  [ upstream ]
  * new release

  [ Jonas Smedegaard ]
  * update watch file:
    + fixate component pjproject at upstream release 2.12
      (not asterisk fork of 2.10)
  * update copyright info: update coverage
  * update and unfuzz patches
  * declare compliance with Debian Policy 4.6.1

 -- Jonas Smedegaard <email address hidden>  Thu, 12 May 2022 22:37:38 +0200
Superseded in sid-release
asterisk (1:18.11.2~dfsg+~cs6.10.40431413-1) unstable; urgency=medium

  [ upstream ]
  * new release

  [ Jonas Smedegaard ]
  * update copyright info: update coverage

 -- Jonas Smedegaard <email address hidden>  Sun, 17 Apr 2022 15:59:40 +0200
Superseded in sid-release
asterisk (1:18.11.1~dfsg+~cs6.10.40431413-1) unstable; urgency=medium

  [ upstream ]
  * new release

  [ Jonas Smedegaard ]
  * use semantic newlines in long description and copyright fields
  * stop provide module chan_vpb failing to build:
    + add patch cherry-picked upstream
      to remove deprecated module chan_vpb
    + drop binary package asterisk-vpb
    + stop build-depend on libvpb-dev
    + add notice in NEWS
  * update and unfuzz patches

 -- Jonas Smedegaard <email address hidden>  Wed, 06 Apr 2022 15:22:41 +0200
Superseded in sid-release
asterisk (1:18.10.1~dfsg+~cs6.10.40431411-1) unstable; urgency=medium

  [ upstream ]
  * new release

 -- Jonas Smedegaard <email address hidden>  Mon, 07 Mar 2022 19:02:16 +0100
Superseded in sid-release
asterisk (1:18.10.0~dfsg+~cs6.10.40431411-2) unstable; urgency=medium

  * fix teardown function in autopkgtest
  * fix build module app_macro, and simplify build configuration:
    + revert build rules to explicitly set menuselect target file
    + reduce and rename patch 2004
    + drop related obsolete patches 2003 2005 2007 2009 2017
    closes: bug#1005381, thanks to James Bottomley
  * drop unused obsolete h323 patches 1002 1003 1005
  * omit build-depending on default-libmysqlclient-dev
    for architectures where the package is unavailable

 -- Jonas Smedegaard <email address hidden>  Sat, 12 Feb 2022 19:24:51 +0100
Superseded in sid-release
asterisk (1:18.10.0~dfsg+~cs6.10.40431411-1) unstable; urgency=medium

  [ upstream ]
  * new release

  [ Jonas Smedegaard ]
  * drop patches cherry-picked upstream now applied
  * unfuzz patches
  * update TODOs

 -- Jonas Smedegaard <email address hidden>  Fri, 11 Feb 2022 10:41:21 +0100
Deleted in experimental-release (Reason: None provided.)
asterisk (1:18.9.0~dfsg+~cs6.10.40431411-1) experimental; urgency=medium

  [ upstream ]
  * new release(s)

  [ Jonas Smedegaard ]
  * update watch file: track upstream branch 18 (not 16)
  * unfuzz patches
  * update copyright info: update coverage
  * package asterisk-modules now include modules
    app_voicemail app_voicemail_imap app_voicemail_odbc;
    drop packages asterisk-voicemail
    asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage;
    add NEWS entry that users of imap or odbc variant
    need to adjust configuration
  * adjust rules to explicitly install library headers

 -- Jonas Smedegaard <email address hidden>  Fri, 04 Feb 2022 21:59:09 +0100
Superseded in sid-release
asterisk (1:16.23.0~dfsg+~cs6.10.40431411-1) unstable; urgency=medium

  * embed project asterisk-opus as component;
    add patches 2015 2016 to integrate opus module with asterisk;
    integrate opus module with build rules;
    have asterisk-modules replace and break asterisk-opus
  * update copyright info: update coverage
  * relax to build-depend unversioned on libjansson-dev:
    required version satisfied in all supported Debian releases
  * build-depend on libneon27-dev
    (not libneon27-gnutls-dev, with libneon27-dev only as fallback);
    drop fallback build-dependencies
    for libcurl4-openssl-dev libradcli-dev
  * build-depend on liblua5.2-dev (not liblua5.1-0-dev)
  * build-depend on libcodec2-dev libfftw3-dev libsndfile1-dev

 -- Jonas Smedegaard <email address hidden>  Fri, 04 Feb 2022 00:40:53 +0100
Superseded in sid-release
asterisk (1:16.23.0~dfsg+~cs6.10.20220309-2) unstable; urgency=medium

  * update debhelper script dh_asterisk:
    + fix move excess paragraphs from POD section NAME to DESCRIPTION
    + fix reference man page debhelper(7) (not bogus debhelper(1))
    + add POD section COPYRIGHT AND LICENSE
    + simplify POD section SYNOPSIS
    + drop POD sections OPTIONS (superfluous) and NOTES (bogus)
    + fix typo in POD section DESCRIPTION
    + extend POD section DESCRIPTION
      to mention dh-sequence-asterisk (inspired by POD of dh_perl_openssl)
  * provide virtual package asterisk-abi-* (not asterisk-*),
    and have dh_asterisk generate matching package variable
    ${asterisk:Depends} (not the core less intuitive ${asterisk:ABI})
  * generate and install manpage for dh_asterisk;
    build-depend on perl
  * cherry-pick bugfix patches upstream; unfuzz remaining patches

 -- Jonas Smedegaard <email address hidden>  Sun, 23 Jan 2022 15:33:47 +0100
Superseded in sid-release
asterisk (1:16.23.0~dfsg+~cs6.10.20220309-1) unstable; urgency=medium

  * finalize and install debhelper script dh_asterisk;
    have asterisk-dev depend on debhelper perl:any,
    and provide virtual package dh-sequence-asterisk
  * relax to generate temporary PJPROJECT tarball sloppily:
    reproducibility or stable md5sum unneeded
  * fix avoid insecure hardcoded path below /tmp during build
  * rename and renumber patches;
    add file debian/patches/README to source
    documenting patch naming micro policy
  * drop vp8 patch, superseded by package asterisk-opus
  * embed project asterisk-amr as component;
    drop patch amr
  * embed project mp3 as component;
    drop patch mpglib
  * update copyright info:
    + fix avoid bdimad files from embedded PJPROJECT
      when repackaging upstream source:
      not freely licensed
    + update coverage
  * unfuzz patches
  * integrated embedded project mp3 with build rules
  * add patches 2011 2012 to integrate module amr with asterisk;
    update build rules to integrate module amr code files
  * add patch 2013 to integrate mp3 module with asterisk;
    update build rules to integrate mp3 module
  * add/update DEP-3 patch headers
  * add patch 2014
    to avoid non-free PJPROJECT audio device driver bdimad

 -- Jonas Smedegaard <email address hidden>  Sun, 23 Jan 2022 00:08:30 +0100
Superseded in sid-release
asterisk (1:16.23.0~dfsg+~2.10-1) unstable; urgency=medium

  [ upstream ]
  * new release(s)

  [ Jonas Smedegaard ]
  * update git-buildpackage config:
    + filter-out any .git* file
    + use DEP14 branch naming scheme
    + add usage comment
  * resolve PJPROJECT version from embedded source
  * update copyright info: update coverage
  * drop patches cherry-picked upstream now applied
  * update and unfuzz patches
  * fix relax autopkgtest: set allow-stderr
  * stop set obsolete menuselect option codec_opus_open_source

 -- Jonas Smedegaard <email address hidden>  Fri, 21 Jan 2022 03:25:41 +0100
Superseded in sid-release
asterisk (1:16.16.1~dfsg+~2.10-2) unstable; urgency=medium

  * fix sysV init file to align with mariadb (not mysql);
    closes: bug#1003925, thanks to Roel van Meer
  * fix silently broken patch systemd;
    closes: bug#985314, thanks to Sergio Durigan Junior
  * unfuzz patches, with shortening quilt options
  * Trim trailing whitespace.
  * Use secure URI in Homepage field.
  * Update renamed lintian tag names in lintian overrides.
  * Drop transition for old debug package migration.
  * stop set CFLAGS=-fgnu89-inline,
    as GCC 5.x was supported upstream since late 2015
    (see also bug#777782)
  * explicitly disable BUILD_NATIVE,
    and stop set CFLAGS and LDFLAGS in configure
    (only in make menuselect)
  * tighten bug closures in changelog,
    for slightly better readability
    and to avoid confusing lintian-brush
  * stop export build flags: they are passed as arguments
  * let dh_auto_config resolve core configure options
  * revive upstream optimization flags
    unless DEB_BUILD_OPTIONS=noopt
  * support DEB_BUILD_OPTIONS=terse
  * fix install file CHANGES as upstream changelog,
    and more detailed ChangeLog only with asterisk-doc
  * use debhelper compatibility level 13 (not 10);
    stop install duplicates in package asterisk-doc
    now that its install path coincide with package asterisk;
    build-depend on debhelper-compat (not debhelper)
  * adapt install routines and helper scripts to use multiarch paths;
    add NEWS entry about this change
  * fix install phoneprov XML files
  * explicitly list a few images, contrib scripts and sample website
    as not-installed
  * fix install a manpage (not corresponding script)
    into manpage directory
  * install main header file only below /usr/include
    (i.e. drop transitional symlinking done in 2008)
  * install most possible manpages from upstream-installed locations,
    to ease detecting missed install files
  * update copyright info:
    + use SPDX shortname Apache-2.0
    + drop unused License section LGPL-2.1
    + fix Files section for codecs/gsm,
      covering both left-truncating wildcard
      and an explicit file overriding right-truncating wildcard,
      to list it _after_ right-truncating wildcard Files sections
  * fix have asterisk pre-depend on misc:Pre-Depends,
    needed by systemd calls in maintainer scripts

 -- Jonas Smedegaard <email address hidden>  Thu, 20 Jan 2022 10:33:17 +0100
Superseded in sid-release
asterisk (1:16.16.1~dfsg+~2.10-1) unstable; urgency=medium

  * update copyright info:
    + use Reference field (not License-Reference);
      tighten lintian overrides
    + fix add License fields GPL-2+ GPL-3+
    + fix interpret unversioned GPL/LGPL to mean any version
    + add comment about ambiguous statement
      for file include/jitterbuf.h
    + normalize copyright holders lists
    + fix list all wildcard directories (i.e. right truncation)
      before wildcard files (i.e. left truncation)
    + normalize files lists
    + add coverage for my packaging contributions
    + update coverage
    + refine source repackaging hints:
      stop avoid files no longer included upstream
      exclude non-DFSG pjproject files
    + use more SPDX(ish) shortnames
    + sort License sections alphabetically
    + fix cover pjproject files;
      drop non-authoritative file debian/copyright.pjproject
    + update coverage
    + declare pjproject source URI
  * update watch file:
    + stop force repackaging; stop set compression
    + set dversionmangle=auto
    + set pgpmode=auto (and stop set pgpsigurlmangle)
    + tighten match pattern
    + update usage comment
  * embed pjproject:
    + define as component with git-buildpackage and uscan
    + build from embedded files
    + stop include manually prepared embedded tarball
    + drop obsolete patch autoreconf-pjproject
  * simplify source helper script copyright-check
  * drop file README.source from source:
    packaging no longer non-standard

 -- Jonas Smedegaard <email address hidden>  Sun, 16 Jan 2022 23:17:14 +0100
Superseded in sid-release
asterisk (1:16.16.1~dfsg-4) unstable; urgency=medium

  [ Utkarsh Gupta ]
  * Set default systemd config to avoid console output to syslog.
    (Closes: #985314, #971090)

 -- Bernhard Schmidt <email address hidden>  Mon, 01 Nov 2021 23:16:15 +0100
Superseded in sid-release
asterisk (1:16.16.1~dfsg-2) unstable; urgency=high

  * CVE-2021-32558 / AST-2021-008 (Closes: #991710)
    If the IAX2 channel driver receives a packet that contains an unsupported
    media format it can cause a crash to occur in Asterisk
  * CVE-2021-32686 / AST-2021-009 (Closes: #991931)
    pjproject/pjsip: crash when SSL socket destroyed during handshake

 -- Bernhard Schmidt <email address hidden>  Fri, 06 Aug 2021 15:35:20 +0200
Superseded in bullseye-release
Superseded in sid-release
asterisk (1:16.16.1~dfsg-1) unstable; urgency=medium

  * New minor upstream version 16.16.1~dfsg
    - CVE-2020-35776 / AST-2021-001 (Closes: #983158)
      Remote crash in res_pjsip_diversion
    - CVE-2021-26717 / AST-2021-002 (Closes: #983157)
      Remote crash possible when negotiating T.38
    - CVE-2021-26712 / AST-2021-003
      Remote attacker could prematurely tear down SRTP calls
    - CVE-2021-26713 / AST-2021-004
      An unsuspecting WebRTC user could crash Asterisk with multiple
      hold/unhold requests
    - CVE-2021-26906 / AST-2021-005 (Closes: #983159)
      Remote Crash Vulnerability in PJSIP channel driver

 -- Bernhard Schmidt <email address hidden>  Mon, 22 Feb 2021 21:45:24 +0100
Superseded in sid-release
asterisk (1:16.15.1~dfsg-1) unstable; urgency=medium

  * New upstream version 16.15.1~dfsg
    - CVE-2020-35652 / AST-2020-003 + AST-2020-004 (Closes: #979372)
      Remote crash in res_pjsip_diversion

 -- Bernhard Schmidt <email address hidden>  Sun, 17 Jan 2021 15:56:22 +0100
Superseded in sid-release
asterisk (1:16.15.0~dfsg-1) unstable; urgency=medium

  * New upstream version 16.15.0~dfsg. fixes to CVEs
    - CVE-2020-28327 / AST-2020-001 (Closes: #974712)
      Remote crash in res_pjsip_session
    - CVE-2020-28242 / AST-2020-002 (Closes: #974713)
      Outbound INVITE loop on challenge with different nonce

 -- Bernhard Schmidt <email address hidden>  Mon, 23 Nov 2020 13:19:33 +0100
Published in buster-release
asterisk (1:16.2.1~dfsg-1+deb10u2) buster; urgency=medium

  * CVE-2019-15297: AST-2019-004
    Crash when negotiating for T.38 with a declined stream (Closes: #940060)
  * CVE-2019-18790: AST-2019-006
    SIP request can change address of a SIP peer (Closes: #947381)
  * CVE-2019-18610: AST-2019-007
    AMI user could execute system commands (Closes: #947377)
  * Fix use-after-free with TEST_FRAMEWORK enabled (Closes: #966334)
  * Fix segfault in pjsip show history with IPv6 peers (Closes: #882145)

 -- Bernhard Schmidt <email address hidden>  Thu, 27 Aug 2020 00:53:40 +0200
Superseded in sid-release
asterisk (1:16.12.0~dfsg-1) unstable; urgency=medium

  * Add new upstream signing key
    F2FC93DB7587BD1FB49E045A5D984BE337191CE7
    Asterisk Development Team <email address hidden>
  * New upstream version 16.12.0~dfsg (Closes: #882145)
  * Update to pjproject 2.10
  * Also update d/source/include-binaries
  * Update Uploaders (Closes: #953442)
  * Fix setting the version number

 -- Bernhard Schmidt <email address hidden>  Tue, 01 Sep 2020 01:15:39 +0200
Superseded in sid-release
asterisk (1:16.10.0~dfsg-1) unstable; urgency=medium

  * Team upload.
  * d/watch: use https instead of http, it is more secure
  * New upstream version 16.10.0~dfsg
  * Remove patches applied by upstream and refresh the remaining ones
    - Patches applied by upstream: AST-2019-002.patch and AST-2019-003.patch
  * Repack pjproject version 2.9
  * d/TODO.Debian: rename to d/TODO, thanks to lintian
  * d/README.Debian: fix a typo, thanks to lintian
  * d/rules: do not use dpkg-parsechangelog to get source package version
  * d/copyright:
    - Update years of the upstream copyright
    - Remove unused paragraphs and files dropped by upstream
    - Use https instead of http in Format and Source fields

 -- Lucas Kanashiro <email address hidden>  Mon, 18 May 2020 19:50:39 -0300
Superseded in buster-release
asterisk (1:16.2.1~dfsg-1+deb10u1) buster; urgency=medium

  * AST-2019-002 / CVE-2019-12827
    Buffer overflow in res_pjsip_messaging (Closes: #931980)
  * AST-2019-003 / CVE-2019-13161
    Remote Crash Vulnerability in chan_sip (Closes: #931981)
  * d/gbp.conf: Update for Buster branch

 -- Bernhard Schmidt <email address hidden>  Tue, 20 Aug 2019 22:31:36 +0200
Superseded in sid-release
asterisk (1:16.2.1~dfsg-2) unstable; urgency=high

  * AST-2019-002 / CVE-2019-12827
    Buffer overflow in res_pjsip_messaging (Closes: #931980)
  * AST-2019-003 / CVE-2019-13161
    Remote Crash Vulnerability in chan_sip (Closes: #931981)

 -- Bernhard Schmidt <email address hidden>  Sat, 13 Jul 2019 23:47:36 +0200
Superseded in buster-release
Superseded in sid-release
asterisk (1:16.2.1~dfsg-1) unstable; urgency=medium

  * New upstream version 16.2.1~dfsg
    - CVE-2019-7251 / AST-2019-001 (Closes: #923690)
      Remote crash vulnerability with SDP protocol violation
  * Bump dependency on libjansson-dev to >= 2.11 (required by upstream)

 -- Bernhard Schmidt <email address hidden>  Thu, 07 Mar 2019 23:13:24 +0100
Superseded in buster-release
Superseded in sid-release
asterisk (1:16.2.0~dfsg-1) unstable; urgency=medium

  * New upstream version 16.2.0~dfsg

 -- Bernhard Schmidt <email address hidden>  Wed, 20 Feb 2019 23:49:31 +0100
Superseded in buster-release
Superseded in sid-release
asterisk (1:16.1.1~dfsg-1) unstable; urgency=medium

  Upload new major version to unstable

  [ Bernhard Schmidt ]
  * New upstream version 16.1.1 (Closes: #886984, #917481)
    - build with embedded pjproject 2.8 (dfsg-repacked)
    - Add lintian overrides for bundled library
    - Reenable app_macro, many dialplans need it
  * Update d/watch for Asterisk 16.x
  * Add signing key for Chris Savinovich <email address hidden>
  * New upstream version 16.1.0~dfsg
  * README.Debian: Fix a typo found by lintian
  * Drop libsqlite0-dev, deprecated
  * Do not load any local channel drivers by default (Closes: #821392)
  * asterisk.service: Attempt to run with realtime priority by default
    (Closes: #801629)
  * Improve/fix some race conditions in sysv-initscript.
    Thanks to Walter Doekes (Closes: #778746)

  [ Rob Thomas ]
  * Build-Depend on libunbound-dev for async DNS

 -- Bernhard Schmidt <email address hidden>  Fri, 11 Jan 2019 18:51:43 +0100
Deleted in experimental-release (Reason: None provided.)
asterisk (1:16.1.0~dfsg-4) experimental; urgency=medium

  * Update build-deps
    - Revert mariadb-10.3 change, not necessary anymore
    - Add libsnmp-dev again, works now
    - Add libosptk-dev for Open Settlement Protocol, see Bug#786973.
      Not sure yet whether we will keep this for unstable.
    - Drop libsqlite0-dev, deprecated
  * Do not load any local channel drivers by default (see #821392)
  * asterisk.service: Attempt to run with realtime priority by default
    (see #801629)
  * Improve/fix some race-conditions in sysv-initscript.
    Thanks to Walter Doekes (see #778746)

 -- Bernhard Schmidt <email address hidden>  Fri, 04 Jan 2019 16:00:17 +0100
Superseded in buster-release
Superseded in sid-release
asterisk (1:13.23.1~dfsg-2) unstable; urgency=medium

  * Fix autopkgtest by parsing XML results (Closes: #909689)

 -- Bernhard Schmidt <email address hidden>  Thu, 03 Jan 2019 16:20:10 +0100
Superseded in experimental-release
asterisk (1:16.1.0~dfsg-3) experimental; urgency=medium

  * Adjust MySQL build-dep for current mariadb-10.3 breakage
  * d/p/autoreconf-pjproject: also update config.guess and config.sub,
    that should REALLY fix the FTBFS now
  * Restore previous pjproject md5sum on dh_clean, allows package to be
    built twice
  * README.Debian: Fix a typo found by lintian
  * Add lintian override for bundled libasteriskpj

 -- Bernhard Schmidt <email address hidden>  Sat, 22 Dec 2018 23:51:06 +0100
Superseded in experimental-release
asterisk (1:16.1.0~dfsg-2) experimental; urgency=medium

  * Add patch to rerun autoconf in third_party/pjproject, hopefully fixes
    FTBFS on new architectures like ppc64el

 -- Bernhard Schmidt <email address hidden>  Fri, 21 Dec 2018 00:37:07 +0100
Superseded in experimental-release
asterisk (1:16.1.0~dfsg-1) experimental; urgency=medium

  [ Bernhard Schmidt ]
  * New upstream version 16.1.0~dfsg
  * Update d/watch for Asterisk 16.x
  * Build with embedded pjproject 2.8 (dfsg-repacked)
  * Reenable app_macro, many dialplans need it
  * Fix autopkgtest by parsing XML results
  * Disable libsnmp-dev temporarily

  [ Rob Thomas ]
  * Update patches for Asterisk 16.0.1
  * Build-Depend on libunbound-dev for async DNS

 -- Bernhard Schmidt <email address hidden>  Thu, 20 Dec 2018 00:05:50 +0100
Published in stretch-release
asterisk (1:13.14.1~dfsg-2+deb9u4) stretch-security; urgency=medium

  * AST-2018-004 / CVE-2018-7284: Crash when receiving SUBSCRIBE request
    (Closes: #891227)
  * AST-2018-005 / CVE-2018-7286: Crash when large numbers of TCP connections
    are closed suddenly (Closes: #891228)
  * AST-2018-008 / CVE-2018-12227: PJSIP endpoint presence disclosure when
    using ACL (Closes: #902954)
  * AST-2018-009 / CVE-2018-17281: Remote crash vulnerability in HTTP
    websocket upgrade (Closes: #909554)

 -- Bernhard Schmidt <email address hidden>  Sun, 30 Sep 2018 23:24:10 +0200
Superseded in buster-release
Superseded in sid-release
asterisk (1:13.23.1~dfsg-1) unstable; urgency=medium

  * New upstream version 13.23.1~dfsg
    - CVE-2018-17281 / AST-2018-009 (Closes: #909554)
      Remote crash vulnerability in HTTP websocket upgrade
  * Add lintian overrides for modules

 -- Bernhard Schmidt <email address hidden>  Tue, 25 Sep 2018 09:59:08 +0200
Superseded in buster-release
Superseded in sid-release
asterisk (1:13.22.0~dfsg-2) unstable; urgency=medium

  * Fix/enable autopkgtest
    - Do not log disabled tests to stderr
    - Look at the correct line in the summary for failed tests

 -- Bernhard Schmidt <email address hidden>  Wed, 05 Sep 2018 11:30:36 +0200
Superseded in buster-release
Superseded in sid-release
asterisk (1:13.22.0~dfsg-1) unstable; urgency=medium

  * New upstream version 13.22.0~dfsg
    - CVE-2018-12227 / AST-2018-008 (Closes: #902954)
      PJSIP endpoint presence disclosure when using ACL
    - pjsip: Increase maximum number of usable ciphers (Closes: #897412)
  * Drop d/p/no_uname, not necessary anymore
  * Drop d/p/radcli-detection.patch, applied upstream
  * Fix d/p/hack-multiple-app-voicemail for upstream libtdl drop
  * Unfuzz d/p/amr.patch and d/p/ffmpeg-detection.patch
  * Fix FTBFS due to wrong filename for dh_installdocs (Closes: #903412)

 -- Bernhard Schmidt <email address hidden>  Sun, 22 Jul 2018 23:31:23 +0200
Published in jessie-release
asterisk (1:11.13.1~dfsg-2+deb8u5) jessie-security; urgency=medium

  * CVE-2017-17090 / AST-2017-013: memory leak from chan_skinny
    (Closes: #883342).
  * Note: advisories AST-2017-009 - AST-2017-012 do not apply to asterisk 11
    (Closes: #881257, #881256).

 -- Tzafrir Cohen <email address hidden>  Fri, 29 Dec 2017 23:24:50 +0200
Superseded in buster-release
Superseded in sid-release
asterisk (1:13.20.0~dfsg-1) unstable; urgency=medium

  * New upstream version 13.20.0 (Closes: #891227, #891228)
  * Reorganize upstream GPG keys
    - Split individual signing keys in separate files
    - Add new key for Ben Ford <email address hidden>: 0x073B0C1FC9B2E352
    - Add new key for Joshua Colp <email address hidden>:
      0xCDBEE4CC699E200EB4D46BB79E76E3A42341CE04
  * Fix missing/broken Closes: in previous changelog
  * Install realtime database schema into asterisk-doc
  * Point Vcs-* to salsa

 -- Bernhard Schmidt <email address hidden>  Tue, 03 Apr 2018 10:59:20 +0200
Superseded in stretch-release
asterisk (1:13.14.1~dfsg-2+deb9u3) stretch-security; urgency=medium

  [ Tzafrir Cohen ]
  * AST-2017-009: ignored for the record.
  * AST-2017-010 / CVE-2017-16671: Buffer overflow in CDRs (call logs)
    (Closes: #881257)
  * AST-2017-011 / CVE-2017-16672: Memory/File Descriptor/RTP leak in
    pjsip session resource (Closes: #881256)
  * AST-2017-012 / CVE-2017-17664: Remote Crash Vulnerability in RTCP Stack
    (Closes: #884345)
  * AST-2017-013 / CVE-2017-17090: DoS (memory leak) in chan_skinny
    (Closes: #883342)
  * ASTERISK-26606.patch: fix openssl error reporting (Closes: #883767)
  * debian/.gitignore: typo
  * gbp.conf: set branch name

  [ Bernhard Schmidt ]
  * Drop duplicate filter line from d/gbp.conf

 -- Tzafrir Cohen <email address hidden>  Fri, 29 Dec 2017 16:27:08 +0200
Superseded in buster-release
Superseded in sid-release
asterisk (1:13.18.5~dfsg-1) unstable; urgency=medium

  * New upstream release:
    - CVE-2017-17850 / AST-2017-014 (closes: #885072)
    - AST-2017-012: Remote Crash Vulnerability in RTCP Stack
  * Re-add support for snmp (Closes #851738)
  * Don't load dundi, mgcp, skinny and unistim by default
  * Avoid parallel build in 'make install'
  * tests: realpath is now in coreutils
  * asttestmods: enable res_pjsip_pubsub tests
  * asttestmods: run asterisk as user asterisk
  * asttestmods: disable module test_cel for now

 -- Tzafrir Cohen <email address hidden>  Thu, 28 Dec 2017 00:20:16 +0200
Superseded in jessie-release
asterisk (1:11.13.1~dfsg-2+deb8u4) jessie-security; urgency=high

  * CVE-2017-14603 / AST-2017-008
    This is a follow-up for AST-2017-005: RTP/RTCP information leak
    improving robustness of the security fix and fixing a regression
    with re-INVITEs (Closes: #876328)

 -- Bernhard Schmidt <email address hidden>  Sat, 23 Sep 2017 21:07:18 +0200
Superseded in stretch-release
asterisk (1:13.14.1~dfsg-2+deb9u2) stretch-security; urgency=high

  * CVE-2017-14603 / AST-2017-008
    This is a follow-up for AST-2017-005: RTP/RTCP information leak
    improving robustness of the security fix and fixing a regression
    with re-INVITEs (Closes: #876328)
  * Fix one-way audio with chan_sip when transcoding (Closes: #875450)

 -- Bernhard Schmidt <email address hidden>  Sat, 23 Sep 2017 21:26:19 +0200
Superseded in buster-release
Superseded in sid-release
asterisk (1:13.18.3~dfsg-1) unstable; urgency=medium

  * New upstream version 13.18.3~dfsg
    - CVE-2017-17090 / AST-2017-013
      DOS Vulnerability in Asterisk chan_skinny (Closes: #883342)
  * Drop duplicate filter line from d/gbp.conf

 -- Bernhard Schmidt <email address hidden>  Thu, 07 Dec 2017 15:20:29 +0100
Superseded in buster-release
Superseded in sid-release
asterisk (1:13.18.1~dfsg-1) unstable; urgency=medium

  * New upstream version 13.18.1~dfsg
    - CVE-2017-16671 / AST-2017-010
      Buffer overflow in CDR's set user (Closes: #881257)
    - CVE-2017-16672 / AST-2017-011
      Memory/File Descriptor/RTP leak in pjsip session resource
      (Closes: #881256)
    - Drop gmime-3.x and srtp 2.1 support patches applied upstream
    - Drop pjsip_unresolved_symbol.patch applied upstream
  * reproducibility: Sort order of input files for core-en_US.xml generation
  * Drop dh --with autotools_dev, default in compat 10
  * Add Multi-Arch: foreign to -dev and -doc
  * Remove deprecated priority extra

 -- Bernhard Schmidt <email address hidden>  Thu, 09 Nov 2017 23:35:12 +0100
Superseded in stretch-release
asterisk (1:13.14.1~dfsg-2+deb9u1) stretch-security; urgency=high

  * CVE-2017-14099 / AST-2017-005
    Media takeover in RTP stack ("RTP bleed") (Closes: #873907)
  * CVE-2017-14100 / AST-2017-006
    Shell access command injection in app_minivm (Closes: #873908)

 -- Bernhard Schmidt <email address hidden>  Sat, 02 Sep 2017 23:21:14 +0200
Superseded in buster-release
Superseded in sid-release
asterisk (1:13.17.2~dfsg-2) unstable; urgency=medium

  * Build against libsrtp2
    - Add versioned b-d to pjproject 2.7 built with libsrtp2
    - d/p/libsrtp-2.1.x.patch: Upstream patch to support libsrtp 2.1.x
  * Transition to gmime 3.0 (Closes: #867346)
    - d/p/gmime-3.0.patch: Upstream patch to support gmime 3.0
  * Bump Standards-Version to 4.1.1, drop obsolete build-deps
  * Fix reproducible builds by overwriting kernel version and
    machine architecture

 -- Bernhard Schmidt <email address hidden>  Fri, 06 Oct 2017 23:27:22 +0200
Superseded in buster-release
Superseded in sid-release
asterisk (1:13.17.2~dfsg-1) unstable; urgency=high

  * New upstream version 13.17.2~dfsg
    - CVE-2017-14603 / AST-2017-008
      This is a follow-up for AST-2017-005: RTP/RTCP information leak
      improving robustness of the security fix and fixing a regression
      with re-INVITEs (Closes: #876328)

 -- Bernhard Schmidt <email address hidden>  Sat, 23 Sep 2017 20:41:06 +0200
Superseded in buster-release
Superseded in sid-release
asterisk (1:13.17.1~dfsg-1) unstable; urgency=high

  * New upstream version 13.17.1, fixing three CVEs
    - CVE-2017-14099 / AST-2017-005
      Media takeover in RTP stack ("RTP bleed") (Closes: #873907)
    - CVE-2017-14100 / AST-2017-006
      Shell access command injection in app_minivm (Closes: #873908)
    - CVE-2017-14098 / AST-2017-007
      Remote Crash Vulnerability in res_pjsip (Closes: #873909)

 -- Bernhard Schmidt <email address hidden>  Sat, 02 Sep 2017 22:34:09 +0200
Superseded in buster-release
Superseded in sid-release
asterisk (1:13.17.0~dfsg-2) unstable; urgency=medium

  * Build with -Wl,--as-needed
  * Add patch to (hopefully) build reproducibly
  * Temporarily add libavdevice-dev to b-d to work around
    pjproject issue

 -- Bernhard Schmidt <email address hidden>  Thu, 17 Aug 2017 21:10:03 +0200
Superseded in sid-release
asterisk (1:13.17.0~dfsg-1) unstable; urgency=medium

  * New upstream version 13.17.0
    - Dropped OpenSSL 1.0 patches: merged upstream.
    - Dropped 859911-pjsip-set-rtp-source-address patches: merged upstream.
    - Dropped pjsip_unresolved_symbol.patch: merged upstream.
    - Dropped AST-2017-004.patch: merged upstream.
    - Closes: #856332 (specifically: just the example in pjsip.conf).
  * Added asterisk-tests package: internal tests. Not otherwise useful.
    - New ABI hash: 1fb7f5c06d7a2052e38d021b3d8ca151.
  * Added autopkgtest test based on them.

 -- Tzafrir Cohen <email address hidden>  Thu, 03 Aug 2017 23:20:22 -0400
Superseded in buster-release
Superseded in stretch-release
Superseded in sid-release
asterisk (1:13.14.1~dfsg-2) unstable; urgency=high

  [ Tzafrir Cohen ]
  * CVE-2017-9358 / AST-2017-004: Memory exhaustion on short SCCP packets
    (Closes: #863906)
  * Documentation updates in debian/:
    - d/p/test_framework.patch: no longer an upstream issue
    - d/asterisk-config-custom:
      - fix typo: buildbuildpackage (Closes: #860902)
      - add comment that dpkg-buildpackage comes from dpkg-dev

 -- Bernhard Schmidt <email address hidden>  Fri, 02 Jun 2017 14:40:15 +0200
Superseded in stretch-release
Superseded in sid-release
asterisk (1:13.14.1~dfsg-1) unstable; urgency=medium

  * New upstream version 13.14.1
    - Fixes AST-2017-001 (Buffer overflow in CDR's set user) (Closes: #859910)
  * Import upstream fix to set the RTP source address to the address bound by
    the PJSIP transport (Closes: #859911)

 -- Bernhard Schmidt <email address hidden>  Mon, 10 Apr 2017 12:53:03 +0200
Superseded in stretch-release
Superseded in sid-release
asterisk (1:13.14.0~dfsg-1) unstable; urgency=medium

  [ Bernhard Schmidt ]
  * New upstream version 13.14.0~dfsg
    - Fixes RTP error on systems with disabled IPv6 (Closes: #853792)
    - Fixes asymmetric RTP codec selection (Closes: #855014)
  * drop pjsip_improve_logging.patch, applied upstream
  * drop configure-osarch, applied upstream

 -- Bernhard Schmidt <email address hidden>  Tue, 14 Feb 2017 21:54:29 +0100
Deleted in experimental-release (Reason: None provided.)
asterisk (1:13.14.0~dfsg-1~exp1) experimental; urgency=medium

  [ Bernhard Schmidt ]
  * New upstream version 13.14.0~dfsg
    - Fixes RTP error on systems with disabled IPv6 (Closes: #853792)
    - Fixes asymmetric RTP codec selection (Closes: #855014)
  * drop pjsip_improve_logging.patch, applied upstream
  * drop configure-osarch, applied upstream

 -- Bernhard Schmidt <email address hidden>  Tue, 14 Feb 2017 21:54:29 +0100