News for package asterisk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: asterisk
Binary: asterisk, asterisk-modules, asterisk-dahdi, asterisk-vpb, asterisk-voicemail, asterisk-voicemail-imapstorage, asterisk-voicemail-odbcstorage, asterisk-ooh323, asterisk-mp3, asterisk-mysql, asterisk-mobile, asterisk-doc, asterisk-dev, asterisk-config
Architecture: any all
Version: 1:13.14.1~dfsg-2+deb9u4
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Uploaders:  Bernhard Schmidt <berni@debian.org>, Daniel Pocock <daniel@pocock.com.au>, Jeremy Lainé <jeremy.laine@m4x.org>, Jonas Smedegaard <dr@jones.dk>, Mark Purcell <msp@debian.org>, Tzafrir Cohen <tzafrir@debian.org>
Homepage: http://www.asterisk.org/
Standards-Version: 3.9.8
Vcs-Browser: https://anonscm.debian.org/cgit/pkg-voip/asterisk.git
Vcs-Git: https://anonscm.debian.org/git/pkg-voip/asterisk.git
Build-Depends: autoconf, automake, autotools-dev, binutils-dev, dahdi-source, debhelper (>= 10), default-libmysqlclient-dev, dh-autoreconf, dh-systemd, freetds-dev, libasound2-dev, libavcodec-dev, libbluetooth-dev [linux-any], libc-client2007e-dev, libcap-dev [linux-any], libcurl4-openssl-dev | libcurl-dev, libedit-dev, libradcli-dev | libfreeradius-client-dev | libradiusclient-ng-dev, libgmime-2.6-dev, libgsm1-dev, libical-dev, libiksemel-dev, libjack-dev, libjansson-dev, libldap-dev, liblua5.1-0-dev, libncurses-dev, libneon27-gnutls-dev | libneon27-dev, libnewt-dev, libogg-dev, libopencore-amrnb-dev, libopencore-amrwb-dev, libopenr2-dev [linux-any], libopus-dev, libopusfile-dev, libpjproject-dev, libpopt-dev, libpq-dev, libpri-dev, libreadline-dev, libresample1-dev, libsdl-image1.2-dev, libspandsp-dev, libspeex-dev, libspeexdsp-dev, libsqlite0-dev, libsqlite3-dev, libsrtp-dev, libss7-dev, libssl-dev, libsystemd-dev [linux-any], libswscale-dev, libtonezone-dev [linux-any], liburiparser-dev, libvorbis-dev, libvpb-dev [linux-any], libxml2-dev, libxslt1-dev, portaudio19-dev, unixodbc-dev, uuid-dev, zlib1g-dev
Package-List:
 asterisk deb comm optional arch=any
 asterisk-config deb comm optional arch=all
 asterisk-dahdi deb comm optional arch=linux-any
 asterisk-dev deb devel extra arch=all
 asterisk-doc deb doc extra arch=all
 asterisk-mobile deb comm optional arch=linux-any
 asterisk-modules deb libs optional arch=any
 asterisk-mp3 deb comm optional arch=any
 asterisk-mysql deb comm optional arch=any
 asterisk-ooh323 deb comm optional arch=any
 asterisk-voicemail deb comm optional arch=any
 asterisk-voicemail-imapstorage deb comm optional arch=any
 asterisk-voicemail-odbcstorage deb comm optional arch=any
 asterisk-vpb deb comm optional arch=linux-any
Checksums-Sha1:
 ad3b0601910c7b9debd8edee25bcfe985666280f 6152096 asterisk_13.14.1~dfsg.orig.tar.xz
 d5d169d9367ec8d67cc3aa9f07fed12d0400c050 154060 asterisk_13.14.1~dfsg-2+deb9u4.debian.tar.xz
Checksums-Sha256:
 9f52c386cb3eec6f01af7f1e03818280870896defde0da9f8f032db351a642b7 6152096 asterisk_13.14.1~dfsg.orig.tar.xz
 4a2bbbcd52004c4b3a5a829335737871f0f316cc5998f303b74243858c252255 154060 asterisk_13.14.1~dfsg-2+deb9u4.debian.tar.xz
Files:
 6db73384168c17ebe6160ba96c5c6209 6152096 asterisk_13.14.1~dfsg.orig.tar.xz
 e6fe8549c46eefceb013bd4ff2fba769 154060 asterisk_13.14.1~dfsg-2+deb9u4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAlvDtFURHGJlcm5pQGRl
Ymlhbi5vcmcACgkQd1B55bhQvJOGOA/9EqHoAL1CXIbitZ0G8YqGScah5C2jXxI+
15BUIo8yGoFCmLSJI7bKZoce0R/KFZO/HcgA/CePzg2d/iMRCyRUZQ5Dpkm7ADMj
X/jVl3KiP262VSIl5t7R1c3ywmdyrxWSivzE7ImxZACBWHRaw5Zq6dVXu18/gLUL
cE/pggHea7197fCil1WzK2eIoEfBtJc1iqS3o2IYyPV3/kqL9iZhBQ9bPJvIJ4IW
rosa68PmjLw12iDEAO1vByLjNkAFjf6SjCzqhgEUVNAfUyMFKMD5nv+Pnw7Vna/k
/YKK+QkwrhdTP8yvi+uLstUz3jqoHw4TDpA2OVedNorHJyv5Q0hIbSZB1uElM4m5
5IfcrCAaEwa5x5//9WQvlT0Ps/QSHtdEU3nlnuqDqBP2UuBUj2+nO7X5tuajUvUW
IhpcUa1NAzt7CONkOI3zQwtA1I5217/5yhGCCq5j/zwKcpjNkG/iHWrTUl4LBTV/
6smfME5snNUKlu+sXVQSR4oaEr8/JZL029QD9KMV2SA1VKRAKnSlrqWKqYsxLZEa
N7So1Xwm99sb29r9mo+i18Gwl9HXzCZxRD7OmnrNdIX1Vapt6imJd1nbVqLBygOV
wBuCbGgw3la8cSey2X2JNelUcHljcIdoje+ObAW0fhyqiDWBV+Q0iMFFGeDJHi3t
4CfkVgvCyWE=
=1IFL
-----END PGP SIGNATURE-----

<span id="changes">Changes:</span>
asterisk (1:13.14.1~dfsg-2+deb9u4) stretch-security; urgency=medium

  * AST-2018-004 / CVE-2018-7284: Crash when receiving SUBSCRIBE request
    (Closes: #891227)
  * AST-2018-005 / CVE-2018-7286: Crash when large numbers of TCP connections
    are closed suddenly (Closes: #891228)
  * AST-2018-008 / CVE-2018-12227: PJSIP endpoint presence disclosure when
    using ACL (Closes: #902954)
  * AST-2018-009 / CVE-2018-17281: Remote crash vulnerability in HTTP
    websocket upgrade (Closes: #909554)

 -- Bernhard Schmidt <berni@debian.org>  Sun, 30 Sep 2018 23:24:10 +0200