Committer: Bazaar Package Importer
Author(s): Brian Thomason
Date: 2009-03-16 17:52:11 UTC
Revision ID: james.westby@ubuntu.com-20090316175211-hyrxp4rw1n95q0ue
Tags: 1:1.4.17~dfsg-2ubuntu1.1
* SECURITY UPDATE: ACK response spoofing
  - added debian/patches/CVE-2008-1897: Adjust chan_iax2.c to use a special
    id to prevent ACK response spoofing. Based on upstream patch.
  - CVE-2008-1897
  - AST-2008-006
* SECURITY UPDATE: POKE request flooding
  - added debian/patches/CVE-2008-3263: Adjust chan_iax2.c to prevent
    'POKE' request flooding. Based on upstream patch.
  - CVE-2008-3263
  - AST-2008-010
* SECURITY UPDATE: firmware packet flooding
  - added debian/patches/CVE-2008-3264: Adjust chan_iax2.c to prevent
    firmware packet flooding. Based on upstream patch.
  - CVE-2008-3264
  - AST-2008-011
* SECURITY UPDATE: information leak in IAX2 authentication
  - added debian/patches/CVE-2009-0041: Adjust chan_iax2.c to fix
    information leak in IAX2 authentication. Based on upstream patch.
  - CVE-2009-0041
  - AST-2009-001
* SECURITY UPDATE: SIP responses expose valid usernames
  - added debian/patches/CVE-2008-3903: Adjust chan_sip.c to make
    it more difficult to scan for available usernames.
  - CVE-2008-3903
  - AST-2009-003
* SECURITY UPDATE: An attacker could hijack a manager session
  - added debian/patches/CVE-2008-1390: Adjust manager.c to
    never assign an invalid id of 0
  - CVE-2008-1390
  - AST-2008-005