On Sat, 2013-04-06 at 16:39 +0300, Tzafrir Cohen wrote:
> Please unblock package asterisk. It includes a number of fixes, mostly
> two series of security fixes.

It includes a number of things that don't meet the published criteria,
which is far from ideal for an urgency=high upload at this point in the
freeze.

> The extra bug fixes are:
>
> 1. A simple fix to add support for powerpcspe

Architecture support isn't freeze material to begin with. Support for
architectures not even in Debian even more so. (I realise it's a tiny
patch; that's not really the point.)

> + * Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
> + - Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack
> + allocations when using TCP.
> + The following two fixes were also pulled in order to easily apply it:
> + - Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop

That patch is more than 30% of the diff on its own. :-( How difficult
would it have been to backport the fix to the code we have in wheezy?

> + - Patch fix-sip-tls-leak - Memory leak in the SIP TLS code
> + - Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through
> + Exploitation of Device State Caching
> + * Patch powerpcspe: Fix OSARCH for powerpcspe (Closes: #701505).
> + * README.Debian: document running the testsuite.

Helpful as it might be, that could definitely have waited.

> + * Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272).

And that seems more like it might be stable update material now.

Regards,

Adam

