-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 14 Dec 2009 01:11:44 +0200 Source: asterisk Binary: asterisk asterisk-h323 asterisk-doc asterisk-dev asterisk-dbg asterisk-sounds-main asterisk-config Architecture: source all i386 Version: 1:1.4.21.2~dfsg-3+lenny1 Distribution: stable-security Urgency: high Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org> Changed-By: Faidon Liambotis <paravoid@debian.org> Description: asterisk - Open Source Private Branch Exchange (PBX) asterisk-config - Configuration files for Asterisk asterisk-dbg - Debugging symbols for Asterisk asterisk-dev - Development files for Asterisk asterisk-doc - Source code documentation for Asterisk asterisk-h323 - H.323 protocol support for Asterisk asterisk-sounds-main - Core Sound files for Asterisk (English) Closes: 522528 554486 554487 559103 Changes: asterisk (1:1.4.21.2~dfsg-3+lenny1) stable-security; urgency=high . * Multiple security fixes: - "Information leak in IAX2 authentication", AST-2009-001, CVE-2009-0041. - "Remote Crash Vulnerability in SIP channel driver", AST-2009-002. - "SIP responses expose valid usernames", AST-2009-003, CVE-2008-3903. (Closes: #522528) - "SIP responses expose valid usernames", AST-2009-008, CVE-2009-3727. (Closes: #554487) - Stop shipping old static-http code in examples. Among other things, it includes a vulnerable version of the prototype Javascript library. AST-2009-009, CVE-2008-7220. (Closes: #554486) - "RTP Remote Crash Vulnerability", AST-2009-010, CVE-2009-4055. (Closes: #559103) Checksums-Sha1: b39571677b5dee2efda9fc794b3d2ab5cebeb9ab 1984 asterisk_1.4.21.2~dfsg-3+lenny1.dsc 3b64d5aba93d38381d4e80b904f66741631aae89 5295205 asterisk_1.4.21.2~dfsg.orig.tar.gz 880546ae3b24c47f6bb6de248599086626772b47 150880 asterisk_1.4.21.2~dfsg-3+lenny1.diff.gz db42a0cbcb3bd6a5b44f0acebc91b809e15176c3 32514900 asterisk-doc_1.4.21.2~dfsg-3+lenny1_all.deb 9426e6a3e3dc12834c7e705fa8513b8d4fdae092 427650 asterisk-dev_1.4.21.2~dfsg-3+lenny1_all.deb bb1cfceef93bdef38fc64aac7ea13dcb1130d7e6 1897736 asterisk-sounds-main_1.4.21.2~dfsg-3+lenny1_all.deb 14839ed0b3cb721459ddad32b87cfa4b3e11d558 478858 asterisk-config_1.4.21.2~dfsg-3+lenny1_all.deb a2121ba035dbbc96bb6b92ed3f3fd70f5ed235db 2407006 asterisk_1.4.21.2~dfsg-3+lenny1_i386.deb db4f0873783fdea719309109b080facb75b5c1a1 388450 asterisk-h323_1.4.21.2~dfsg-3+lenny1_i386.deb a23c992cd677082e793f4b96d150792fb7436d85 12937820 asterisk-dbg_1.4.21.2~dfsg-3+lenny1_i386.deb Checksums-Sha256: 3c1c8a5e5054d30c2aad0546deac4907fb8c46cf82732f4598f0d34baa69aafc 1984 asterisk_1.4.21.2~dfsg-3+lenny1.dsc 18a2c244568f11b75afd0850cae65b394be888c778869fce61651e64a181603d 5295205 asterisk_1.4.21.2~dfsg.orig.tar.gz 5dd0f5c19b6d458a1ef432818247c98b2ad4e2ceb4b3f4535b2b91243d1e4a6e 150880 asterisk_1.4.21.2~dfsg-3+lenny1.diff.gz 196f07874797f359adb03111311abe1893b1623d7808ab206da90d6847797a2e 32514900 asterisk-doc_1.4.21.2~dfsg-3+lenny1_all.deb c060a368134b247aa1d27374b683ee3f273da951bee28659cbabab2f3c7d004a 427650 asterisk-dev_1.4.21.2~dfsg-3+lenny1_all.deb 3309cb55110e7b43a47a5cd7c7488731282ac128a2d40e937292e760232c6434 1897736 asterisk-sounds-main_1.4.21.2~dfsg-3+lenny1_all.deb 34341baafa36917469e4d72429ea642418628bf2626cb9208baf17337186e788 478858 asterisk-config_1.4.21.2~dfsg-3+lenny1_all.deb 187122e727887bdbb9cd62b3a1701a8de53b81e27cbb4a427d1437f9f154f167 2407006 asterisk_1.4.21.2~dfsg-3+lenny1_i386.deb 80619106ec8570c3a584bf81e8a1f5cb64e1c4af7a50e31ad6308b381821512e 388450 asterisk-h323_1.4.21.2~dfsg-3+lenny1_i386.deb 4ee223894f928d207c29e62e3f15bb14a7b57da491ccfd2bdb61820efa62693f 12937820 asterisk-dbg_1.4.21.2~dfsg-3+lenny1_i386.deb Files: 69dcaf09361976f55a053512fb26d7b5 1984 comm optional asterisk_1.4.21.2~dfsg-3+lenny1.dsc f641d1140b964e71e38d27bf3b2a2d80 5295205 comm optional asterisk_1.4.21.2~dfsg.orig.tar.gz ba6e81cd6ab443ef04467d57a1d954b3 150880 comm optional asterisk_1.4.21.2~dfsg-3+lenny1.diff.gz 8d959ce35cc61436ee1e09af475459d1 32514900 doc extra asterisk-doc_1.4.21.2~dfsg-3+lenny1_all.deb fb8a7dd925c8d209f3007e2a7d6602d8 427650 devel extra asterisk-dev_1.4.21.2~dfsg-3+lenny1_all.deb f0b7912d2ea0377bbb3c56cbc067d230 1897736 comm optional asterisk-sounds-main_1.4.21.2~dfsg-3+lenny1_all.deb b483c77c21df4ae9cea8a4277f96966a 478858 comm optional asterisk-config_1.4.21.2~dfsg-3+lenny1_all.deb 2bbd456e2d36a734ac0789b6ff7e9d22 2407006 comm optional asterisk_1.4.21.2~dfsg-3+lenny1_i386.deb 7c9e49cb8610a577d63f3fb77ecd92da 388450 comm optional asterisk-h323_1.4.21.2~dfsg-3+lenny1_i386.deb 46acd420961efc6c932d94eec0452ad3 12937820 devel extra asterisk-dbg_1.4.21.2~dfsg-3+lenny1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAksmj6cACgkQVty5d8XpUzMwHgCeKbMGyk0QDov48qlK09G5Fdzb w2gAn2POsBO9cc4Dv+PrArwit8Is90D1 =M94m -----END PGP SIGNATURE----- Accepted: asterisk-config_1.4.21.2~dfsg-3+lenny1_all.deb to main/a/asterisk/asterisk-config_1.4.21.2~dfsg-3+lenny1_all.deb asterisk-dbg_1.4.21.2~dfsg-3+lenny1_i386.deb to main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny1_i386.deb asterisk-dev_1.4.21.2~dfsg-3+lenny1_all.deb to main/a/asterisk/asterisk-dev_1.4.21.2~dfsg-3+lenny1_all.deb asterisk-doc_1.4.21.2~dfsg-3+lenny1_all.deb to main/a/asterisk/asterisk-doc_1.4.21.2~dfsg-3+lenny1_all.deb asterisk-h323_1.4.21.2~dfsg-3+lenny1_i386.deb to main/a/asterisk/asterisk-h323_1.4.21.2~dfsg-3+lenny1_i386.deb asterisk-sounds-main_1.4.21.2~dfsg-3+lenny1_all.deb to main/a/asterisk/asterisk-sounds-main_1.4.21.2~dfsg-3+lenny1_all.deb asterisk_1.4.21.2~dfsg-3+lenny1.diff.gz to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1.diff.gz asterisk_1.4.21.2~dfsg-3+lenny1.dsc to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1.dsc asterisk_1.4.21.2~dfsg-3+lenny1_i386.deb to main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1_i386.deb