[Pkg-voip-commits] r4176 - in asterisk/branches/etch/debian: . patches

paravoid at alioth.debian.org
Tue Aug 21 02:56:41 UTC 2007


Author: paravoid
Date: 2007-08-21 02:56:41 +0000 (Tue, 21 Aug 2007)
New Revision: 4176

Added:
   asterisk/branches/etch/debian/patches/CVE-2007-1561.dpatch
Modified:
   asterisk/branches/etch/debian/changelog
   asterisk/branches/etch/debian/patches/00list
Log:
  - channels/chan_sip.c: fix bug that allows remote attackers to cause a
    denial of service (crash) via a SIP INVITE message with an SDP
    containing one valid and one invalid IP address. (CVE-2007-1561)

Modified: asterisk/branches/etch/debian/changelog
===================================================================
--- asterisk/branches/etch/debian/changelog	2007-08-21 02:47:16 UTC (rev 4175)
+++ asterisk/branches/etch/debian/changelog	2007-08-21 02:56:41 UTC (rev 4176)
@@ -4,6 +4,9 @@
     - channels/chan_sip.c: If a SIP message comes in and goes to a method
       handler that requires additional values that may not be present then
       send back an error. (CVE-2007-1306)
+    - channels/chan_sip.c: fix bug that allows remote attackers to cause a
+      denial of service (crash) via a SIP INVITE message with an SDP
+      containing one valid and one invalid IP address. (CVE-2007-1561)
     - channels/chan_sip.c: Only try to handle a response if it has a response
       code. (ASA-2007-011, CVE-2007-1594)
     - manager.c: Don't crash if a manager connection provides a username that
@@ -27,7 +30,7 @@
     Added a build dependency on that package to avoid regressions on a security
     upload.
 
- -- Faidon Liambotis <paravoid at debian.org>  Tue, 21 Aug 2007 05:42:58 +0300
+ -- Faidon Liambotis <paravoid at debian.org>  Tue, 21 Aug 2007 05:55:16 +0300
 
 asterisk (1:1.2.13~dfsg-2) unstable; urgency=low
 

Modified: asterisk/branches/etch/debian/patches/00list
===================================================================
--- asterisk/branches/etch/debian/patches/00list	2007-08-21 02:47:16 UTC (rev 4175)
+++ asterisk/branches/etch/debian/patches/00list	2007-08-21 02:56:41 UTC (rev 4176)
@@ -1,5 +1,6 @@
 patch.CVE-2006-2898.dpatch
 CVE-2007-1306.dpatch
+CVE-2007-1561.dpatch
 ASA-2007-011.dpatch
 ASA-2007-012.dpatch
 ASA-2007-014.dpatch

Added: asterisk/branches/etch/debian/patches/CVE-2007-1561.dpatch
===================================================================
--- asterisk/branches/etch/debian/patches/CVE-2007-1561.dpatch	                        (rev 0)
+++ asterisk/branches/etch/debian/patches/CVE-2007-1561.dpatch	2007-08-21 02:56:41 UTC (rev 4176)
@@ -0,0 +1,30 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2007-1561.dpatch by Faidon Liambotis <paravoid at debian.org>
+##
+## DP: channels/chan_sip.c: If we are unable to lookup the host in a c line we
+## DP: have to abort, otherwise the previous data is gone and we will
+## DP: (potentially) have no data when all is said and done.
+## DP: r58579 in upstream's SVN
+## DP: Security fix, CVE-2007-1561
+
+ at DPATCH@
+Index: channels/chan_sip.c
+===================================================================
+--- a/channels/chan_sip.c	(revision 58578)
++++ b/channels/chan_sip.c	(revision 58579)
+@@ -3667,6 +3667,7 @@
+ 			hp = ast_gethostbyname(host, &ahp);
+ 			if (!hp) {
+ 				ast_log(LOG_WARNING, "Unable to lookup host in secondary c= line, '%s'\n", c);
++				return -1;
+ 			}
+ 		}
+ 	}
+@@ -3693,6 +3694,7 @@
+ 			hp = ast_gethostbyname(host, &ahp);
+ 			if (!hp) {
+ 				ast_log(LOG_WARNING, "Unable to lookup host in secondary c= line, '%s'\n", c);
++				return -1;
+ 			}
+ 		}
+ 	}
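Review bot: the two nested hunks (at 3667 and 3694 of channels/chan_sip.c) each add the same `return -1;` after the same warning text, "Unable to lookup host in secondary c= line, '%s'", so an operator reading the log cannot tell which of the two call sites rejected the SDP; since the DP header flags this as the CVE-2007-1561 fix, consider making the two messages distinguishable (for example by naming the call site in the format string) so that the rejection can be triaged and alerted on. The early return itself matches the DP description (abort the parse rather than continue after the previous data has been overwritten), and the surrounding lines in both hunks are unchanged context, so the behavioural change is limited to that bail-out.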
