* SECURITY UPDATE: denial of service and possible code exection via crafted UDPTL packet - debian/patches/AST-2011-002-1.6.2.diff: properly calculate lengths in main/udptl.c. - CVE-2011-1147 * SECURITY UPDATE: denial of service via manager session with invalid data - debian/patches/AST-2011-003-1.6.2.diff: check for errors in main/manager.c. - CVE-2011-1174 * SECURITY UPDATE: denial of service via many short TLS sessions - debian/patches/AST-2011-004-1.6.2.diff: gracefully handle failures in main/tcptls.c. - CVE-2011-1175 * SECURITY UPDATE: denial of service via a series of TCP connections - debian/patches/AST-2011-005-1.6.2.diff: add timeouts and session limits to main/manager.c, configs/manager.conf.sample, channels/chan_sip.c, channels/chan_skinny.c, main/http.c, configs/{skinny,sip,http}.conf.sample. - CVE-2011-1507 * SECURITY UPDATE: remote command execution via incomplete system privilege check - debian/patches/AST-2011-006-1.6.2.diff: correctly check privileges in main/manager.c. - CVE-2011-1599 * SECURITY UPDATE: denial of service via crafted packet and SIP channel driver - debian/patches/AST-2011-008.diff: set proper length in channels/chan_sip.c. - CVE-2011-2529 * SECURITY UPDATE: denial of service and possible code execution via IAX2 channel driver crafted frame - debian/patches/AST-2011-010-1.6.2.diff: validate options in channels/chan_iax2.c, main/features.c. - CVE-2011-2535 * SECURITY UPDATE: account name enumeration - debian/patches/AST-2011-011-1.6.2.diff: adjust responses in channels/chan_sip.c. - CVE-2011-2536