CVS commit: pkgsrc/comms/asterisk18

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/comms/asterisk18
From: "John Nemeth" <jnemeth%netbsd.org@localhost>
Date: Fri, 6 Jul 2012 19:51:58 +0000

Module Name:    pkgsrc
Committed By:   jnemeth
Date:           Fri Jul  6 19:51:58 UTC 2012

Modified Files:
        pkgsrc/comms/asterisk18: Makefile distinfo

Log Message:
Upgrade to Asterisk 1.8.13.1 -- this fixes two security issues:
AST-2012-010 and AST-2012-011

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones.

The release of Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones
resolve the following two issues:

* If Asterisk sends a re-invite and an endpoint responds to the re-invite with
  a provisional response but never sends a final response, then the SIP dialog
  structure is never freed and the RTP ports for the call are never released. If
  an attacker has the ability to place a call, they could create a denial of
  service by using all available RTP ports.

* If a single voicemail account is manipulated by two parties simultaneously,
  a condition can occur where memory is freed twice causing a crash.

These issues and their resolution are described in the security advisories.

For more information about the details of these vulnerabilities, please read
security advisories AST-2012-010 and AST-2012-011, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.13.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2012-010.pdf
 * http://downloads.asterisk.org/pub/security/pST-2012-011.pdf

Thank you for your continued support of Asterisk!


To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 pkgsrc/comms/asterisk18/Makefile
cvs rdiff -u -r1.32 -r1.33 pkgsrc/comms/asterisk18/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/print/teTeX3-texmf
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/print/teTeX3-texmf
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index