[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/comms/asterisk18
Module Name: pkgsrc
Committed By: jnemeth
Date: Fri Jul 6 19:51:58 UTC 2012
pkgsrc/comms/asterisk18: Makefile distinfo
Upgrade to Asterisk 220.127.116.11 -- this fixes two security issues:
AST-2012-010 and AST-2012-011
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert4, 18.104.22.168, 10.5.2, and 10.5.2-digiumphones.
The release of Asterisk 1.8.11-cert4, 22.214.171.124, 10.5.2, and 10.5.2-digiumphones
resolve the following two issues:
* If Asterisk sends a re-invite and an endpoint responds to the re-invite with
a provisional response but never sends a final response, then the SIP dialog
structure is never freed and the RTP ports for the call are never released. If
an attacker has the ability to place a call, they could create a denial of
service by using all available RTP ports.
* If a single voicemail account is manipulated by two parties simultaneously,
a condition can occur where memory is freed twice causing a crash.
These issues and their resolution are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-010 and AST-2012-011, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
The security advisories are available at:
Thank you for your continued support of Asterisk!
To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 pkgsrc/comms/asterisk18/Makefile
cvs rdiff -u -r1.32 -r1.33 pkgsrc/comms/asterisk18/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Main Index |
Thread Index |