-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 13 Jan 2017 00:03:56 +0100 Source: asterisk Binary: asterisk asterisk-modules asterisk-dahdi asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config Architecture: source all amd64 Version: 1:1.8.13.1~dfsg1-3+deb7u5 Distribution: wheezy-security Urgency: high Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: asterisk - Open Source Private Branch Exchange (PBX) asterisk-config - Configuration files for Asterisk asterisk-dahdi - DAHDI devices support for the Asterisk PBX asterisk-dbg - Debugging symbols for Asterisk asterisk-dev - Development files for Asterisk asterisk-doc - Source code documentation for Asterisk asterisk-mobile - Bluetooth phone support for the Asterisk PBX asterisk-modules - loadable modules for the Asterisk PBX asterisk-mp3 - MP3 playback support for the Asterisk PBX asterisk-mysql - MySQL database protocol support for the Asterisk PBX asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c asterisk-voicemail - simple voicemail support for the Asterisk PBX asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX Changes: asterisk (1:1.8.13.1~dfsg1-3+deb7u5) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2014-2287: channels/chan_sip.c in Asterisk when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value. * Fix CVE-2016-7551: The overlap dialing feature in chan_sip allows chan_sip to report to a device that the number that has been dialed is incomplete and more digits are required. If this functionality is used with a device that has performed username/password authentication RTP resources are leaked. This occurs because the code fails to release the old RTP resources before allocating new ones in this scenario. If all resources are used then RTP port exhaustion will occur and no RTP sessions are able to be set up. Checksums-Sha1: fb9ec871932d0d322ad0aeab03f6dd638485c493 3845 asterisk_1.8.13.1~dfsg1-3+deb7u5.dsc 0a1e1343508771ee1715778d9578dc500daba898 405957 asterisk_1.8.13.1~dfsg1-3+deb7u5.debian.tar.gz f71508fd714b1cb14cb32d46c4b9922c591843dd 1991888 asterisk-doc_1.8.13.1~dfsg1-3+deb7u5_all.deb bedc2f183bc4902e769ca462fcf8d0cc1ffc41f0 960822 asterisk-dev_1.8.13.1~dfsg1-3+deb7u5_all.deb e73baaf7dba8388e31bb7caefdd35fa1a1138aad 1002528 asterisk-config_1.8.13.1~dfsg1-3+deb7u5_all.deb 527c111d7eab81ca97604d691fc7e5904d9a109e 1774980 asterisk_1.8.13.1~dfsg1-3+deb7u5_amd64.deb 90ef638f8c09349114c0500541a47b7dcafa7ae1 2836574 asterisk-modules_1.8.13.1~dfsg1-3+deb7u5_amd64.deb db2727170e6681567e8c73f65924f493e571ac23 924470 asterisk-dahdi_1.8.13.1~dfsg1-3+deb7u5_amd64.deb 5ea376d6c02e6e7c459c93f0d0bd4955122bc947 695190 asterisk-voicemail_1.8.13.1~dfsg1-3+deb7u5_amd64.deb 22a782c30199af461ef3ccf7ae74ce56a646bfc2 712044 asterisk-voicemail-imapstorage_1.8.13.1~dfsg1-3+deb7u5_amd64.deb d4721758803d386b6ff6af2cb21c202fda08e90d 701288 asterisk-voicemail-odbcstorage_1.8.13.1~dfsg1-3+deb7u5_amd64.deb 57f5f88a01dc840cac6a72cb7fe02d77bcd6c737 1039504 asterisk-ooh323_1.8.13.1~dfsg1-3+deb7u5_amd64.deb f54572ee74ef8344f4222fb751f2b3efbe0d7159 634554 asterisk-mp3_1.8.13.1~dfsg1-3+deb7u5_amd64.deb 72692dbb1645f93c46399cf48cd89d5e593a5d8c 659854 asterisk-mysql_1.8.13.1~dfsg1-3+deb7u5_amd64.deb b849a537576ea81a8fefcbea239089288027918b 648230 asterisk-mobile_1.8.13.1~dfsg1-3+deb7u5_amd64.deb d1dbef164fb6d5329e57456f752305381fa9aa0a 30073404 asterisk-dbg_1.8.13.1~dfsg1-3+deb7u5_amd64.deb Checksums-Sha256: c5a03ed6552d5ce63708afe443888a525eb4e06a4ee94689cdc727d086b838dd 3845 asterisk_1.8.13.1~dfsg1-3+deb7u5.dsc 0c5bdda35b452873188bd3e5d8d66ab3b409cbd8e7673592a489dd2bc3af1be5 405957 asterisk_1.8.13.1~dfsg1-3+deb7u5.debian.tar.gz c776921c4ce71baceb5a004e293dcd39b6efc27945ddb9db0d5daf65e2d2020c 1991888 asterisk-doc_1.8.13.1~dfsg1-3+deb7u5_all.deb 4736d12edae6a8b31903f36c0fc734074603a19f64feedb40bfcb39865d7c406 960822 asterisk-dev_1.8.13.1~dfsg1-3+deb7u5_all.deb 909602b90c067a8d1a414325a362dc206339056fe0393652ae9b57300a65aa5a 1002528 asterisk-config_1.8.13.1~dfsg1-3+deb7u5_all.deb 83e69ca891e2e34fafbd0623e171260c310a048a1fb0d1899c4bfcf101020fdb 1774980 asterisk_1.8.13.1~dfsg1-3+deb7u5_amd64.deb a862a0dc32027f73306b22b03b1c5ff0bf4024cd0d4be5fa0d0ea6555f71ae2a 2836574 asterisk-modules_1.8.13.1~dfsg1-3+deb7u5_amd64.deb dc4abe73f6beefaa290204509303001ec331673e380663ead634eb4427b2cf39 924470 asterisk-dahdi_1.8.13.1~dfsg1-3+deb7u5_amd64.deb c06a789bb5d8eb51393de174b72574453829d1665475236ae9bcf1ea78341932 695190 asterisk-voicemail_1.8.13.1~dfsg1-3+deb7u5_amd64.deb d78b8fd78daebdc4c5d2a5e3562e93743e9fe1a53fca7c32a6a44f40b9f47397 712044 asterisk-voicemail-imapstorage_1.8.13.1~dfsg1-3+deb7u5_amd64.deb 129cf14507115e670b79d4a5b8f552a2fafd4eb1943a1ab92673ff5b33bd617c 701288 asterisk-voicemail-odbcstorage_1.8.13.1~dfsg1-3+deb7u5_amd64.deb 1eb995cbbcad800a9cff15776af11bc6940326919590d013d03a9d585cdaea19 1039504 asterisk-ooh323_1.8.13.1~dfsg1-3+deb7u5_amd64.deb b3418255ca96d8a79b47d4294d6e72430e8f54858076735ebcb95659201d4739 634554 asterisk-mp3_1.8.13.1~dfsg1-3+deb7u5_amd64.deb b4e18e94a153c41faaf1a6acc62ae982c30458f2052415defc80a78a9ed125aa 659854 asterisk-mysql_1.8.13.1~dfsg1-3+deb7u5_amd64.deb e4c941ada1dc11323d47a997da6d125cf6e08456e88ca6b3b70ed4161025e4b8 648230 asterisk-mobile_1.8.13.1~dfsg1-3+deb7u5_amd64.deb f92e5d284afeac25a578115d03dcb0798ae7eb211f261712e5f098ddf867f1b7 30073404 asterisk-dbg_1.8.13.1~dfsg1-3+deb7u5_amd64.deb Files: cabd13dc84a15d4de66e19686f8e5479 3845 comm optional asterisk_1.8.13.1~dfsg1-3+deb7u5.dsc f34f9596294b7bb313e6493aea908450 405957 comm optional asterisk_1.8.13.1~dfsg1-3+deb7u5.debian.tar.gz 3ca510d50f105f398056922560bf9ffc 1991888 doc extra asterisk-doc_1.8.13.1~dfsg1-3+deb7u5_all.deb 656b7bc3b69f8ff7483cfffb1eec16f5 960822 devel extra asterisk-dev_1.8.13.1~dfsg1-3+deb7u5_all.deb 9911fcbba6c45ddffa61b66d622a0272 1002528 comm optional asterisk-config_1.8.13.1~dfsg1-3+deb7u5_all.deb ac28bf28883a5c03a7de1a3aaacf7913 1774980 comm optional asterisk_1.8.13.1~dfsg1-3+deb7u5_amd64.deb 0a710a8b40df02179cfa595bd0cbb37e 2836574 libs optional asterisk-modules_1.8.13.1~dfsg1-3+deb7u5_amd64.deb 39c628cbb32c259ad93a13a20c4825af 924470 comm optional asterisk-dahdi_1.8.13.1~dfsg1-3+deb7u5_amd64.deb a3ef65a0fdc3efd7b9ae5c2e91f1dd44 695190 comm optional asterisk-voicemail_1.8.13.1~dfsg1-3+deb7u5_amd64.deb a233d5c7874a5aa2baa11f82e0ed9cbb 712044 comm optional asterisk-voicemail-imapstorage_1.8.13.1~dfsg1-3+deb7u5_amd64.deb d5b8df12109e534f35068dd13a7bdc07 701288 comm optional asterisk-voicemail-odbcstorage_1.8.13.1~dfsg1-3+deb7u5_amd64.deb a8d776ee5446a1dcb6a999c6b4a9908f 1039504 comm optional asterisk-ooh323_1.8.13.1~dfsg1-3+deb7u5_amd64.deb 5e42bd3d1687ef25b2869f41e844b8d3 634554 comm optional asterisk-mp3_1.8.13.1~dfsg1-3+deb7u5_amd64.deb f46100717c237c4771e1a4424e7d44c4 659854 comm optional asterisk-mysql_1.8.13.1~dfsg1-3+deb7u5_amd64.deb 02d80fc13ff90175f0b8e91be66ea9ba 648230 comm optional asterisk-mobile_1.8.13.1~dfsg1-3+deb7u5_amd64.deb d86e38270f0255c9ca878ae9a88262e4 30073404 debug extra asterisk-dbg_1.8.13.1~dfsg1-3+deb7u5_amd64.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlh4EV9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkD4IP/3FyaW+/ygxSVELh6L05i2FiwRFPk5SkVP62 /GA1fGGIL3G5w41s6BbhX2xSiRw4AvMY6GZzZlb2/HbTcQEPIUSwRZckBlUyUPOk 1sV9pFFMLBFoXmeh1va6pbHHJkGictP3Gi+jFkyLppHzG2rEfM1gERfep0yE+PJV CG+xkyiWXnLJubrWyEM9RqNrOX+oAnY5c/9LM6Ru427kjqZIoNU9IxIMLGtfH5cO QV6eIqCIZRDsOxsYr8mLYxj2l6s/SQxjtUbhOR9Z/gIqK5Bpk2Gimn6IJJ69x7wT rW/653VkFd3ODWpAC4kyfJz7VUiOg1GWf73vEZy7QZYLK++b2YD/DI6X8b0S9Nr1 abESAlN+jDFSTssA2JCT9YVSzHe1DhpPGxGAlNRyVslvwRDHJuWpIGNRDOwtDBSg TA7LHfXeQF4psqVyCdX2b/BDWD0aJKQoq3xGscbJ9g89fMVHiwvR2ZuTH5mp+Tde 8kSlslgaqs6ztwNLDLSBa4ZDSK+EA/uQQZO0jHoct3R6sQzR4p92wjg7SF0qWHzX z8yHPTs4F011IonPecI/yOF8DWh6qB5Gw7QZUw+j3sNX0smCr20RprmF0yTXQ++O /jZqERcDLV2Dd48iP7I9j9cECQqAEOp6KwecQagZLwbpZrhZDg6H1e7FKmKJCTUp w1rI66hw =CE5S -----END PGP SIGNATURE-----