-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 19 Mar 2008 00:58:25 +0200 Source: asterisk Binary: asterisk-h323 asterisk-web-vmail asterisk asterisk-classic asterisk-dev asterisk-doc asterisk-sounds-main asterisk-bristuff asterisk-config Architecture: source all i386 Version: 1:1.2.13~dfsg-2etch3 Distribution: stable-security Urgency: high Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org> Changed-By: Faidon Liambotis <paravoid@debian.org> Description: asterisk - Open Source Private Branch Exchange (PBX) asterisk-bristuff - Open Source Private Branch Exchange (PBX) - BRIstuff-enabled vers asterisk-classic - Open Source Private Branch Exchange (PBX) - original Digium versi asterisk-config - config files for asterisk asterisk-dev - development files for asterisk asterisk-doc - documentation for asterisk asterisk-h323 - asterisk H.323 VoIP channel asterisk-sounds-main - sound files for asterisk asterisk-web-vmail - Web-based (CGI) voice mail interface for Asterisk Changes: asterisk (1:1.2.13~dfsg-2etch3) stable-security; urgency=high . * Fix an authentication bypass vulnerability that could be exploited when using passwordless host-based authentication with realtime on SIP and IAX channels (AST-2007-027, CVE-2007-6430). * Fix a critical vulnerability that could be exploited to bypass SIP authentication (AST-2008-003, CVE-2008-1332). * Fix a potential DoS vulnerability in the Manager interface (AST-2008-004, CVE-2008-1333). Files: 181da0b7d5a604cd79be518e662b049b 1488 comm optional asterisk_1.2.13~dfsg-2etch3.dsc 6a98d3db7fd54a5dd082c692f3e50042 181527 comm optional asterisk_1.2.13~dfsg-2etch3.diff.gz 8fd6ec949bdd4fc072b4244f6c97642a 146658 comm optional asterisk_1.2.13~dfsg-2etch3_all.deb de67182dd31aef4878322327034ae0ae 1500218 doc optional asterisk-doc_1.2.13~dfsg-2etch3_all.deb 26798a8026d05a9843a63fa3ac28488e 170126 devel optional asterisk-dev_1.2.13~dfsg-2etch3_all.deb 6096881223aafe96ce1285b9be1a97ad 1504782 comm optional asterisk-sounds-main_1.2.13~dfsg-2etch3_all.deb 0eaff6b096a03f0830a965ed21671557 73928 comm optional asterisk-web-vmail_1.2.13~dfsg-2etch3_all.deb 99911d22fb5fbf7f0520d28f0cd21af7 131832 comm optional asterisk-config_1.2.13~dfsg-2etch3_all.deb 65c4d9ef59dc45d7ab4eb91c8497a283 1616600 comm optional asterisk-classic_1.2.13~dfsg-2etch3_i386.deb f119c7b228725648f953b84d2a2ee33c 1650014 comm optional asterisk-bristuff_1.2.13~dfsg-2etch3_i386.deb 539ce1eb62c36817f34e9ca0cbfb84d7 131048 comm optional asterisk-h323_1.2.13~dfsg-2etch3_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFH4UDQVty5d8XpUzMRAhvYAJ9ZX5uhVZHrLzD6R01HElUVCUt4bgCeI/jK KoQYWbJJ7NOXPJIJcB8dSgY= =nAYN -----END PGP SIGNATURE----- Accepted: asterisk-bristuff_1.2.13~dfsg-2etch3_i386.deb to pool/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch3_i386.deb asterisk-classic_1.2.13~dfsg-2etch3_i386.deb to pool/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch3_i386.deb asterisk-config_1.2.13~dfsg-2etch3_all.deb to pool/main/a/asterisk/asterisk-config_1.2.13~dfsg-2etch3_all.deb asterisk-dev_1.2.13~dfsg-2etch3_all.deb to pool/main/a/asterisk/asterisk-dev_1.2.13~dfsg-2etch3_all.deb asterisk-doc_1.2.13~dfsg-2etch3_all.deb to pool/main/a/asterisk/asterisk-doc_1.2.13~dfsg-2etch3_all.deb asterisk-h323_1.2.13~dfsg-2etch3_i386.deb to pool/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch3_i386.deb asterisk-sounds-main_1.2.13~dfsg-2etch3_all.deb to pool/main/a/asterisk/asterisk-sounds-main_1.2.13~dfsg-2etch3_all.deb asterisk-web-vmail_1.2.13~dfsg-2etch3_all.deb to pool/main/a/asterisk/asterisk-web-vmail_1.2.13~dfsg-2etch3_all.deb asterisk_1.2.13~dfsg-2etch3.diff.gz to pool/main/a/asterisk/asterisk_1.2.13~dfsg-2etch3.diff.gz asterisk_1.2.13~dfsg-2etch3.dsc to pool/main/a/asterisk/asterisk_1.2.13~dfsg-2etch3.dsc asterisk_1.2.13~dfsg-2etch3_all.deb to pool/main/a/asterisk/asterisk_1.2.13~dfsg-2etch3_all.deb