-
Committer:
Bazaar Package Importer
-
Author(s):
William Grant
-
Date:
2008-04-05 11:32:12 UTC
-
Revision ID:
james.westby@ubuntu.com-20080405113212-p7slzlzms8iityna
Tags: 1:1.4.17~dfsg-2ubuntu1
* SECURITY UPDATE: arbitrary code execution and authentication bypass.
(LP: #210124)
- debian/patches/CVE-2008-1289: Check that incoming RTP payloads are
within buffer limits. Patch from Debian.
- debian/patches/CVE-2008-1332: Ensure that allowguest has been enabled
before deciding that authentication isn't required. Patch from Debian.
- debian/patches/CVE-2008-1333: Interpret logging output as a character
string, not a format string. Patch from Debian.
- References:
+ CVE-2008-1289
+ CVE-2008-1332
+ CVE-2008-1333
+ AST-2008-002
+ AST-2008-003
+ AST-2008-004
* Modify Maintainer value to match the DebianMaintainerField
specification.