CVS commit: pkgsrc/comms/asterisk

["John Nemeth" <jnemeth%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   jnemeth
Date:           Fri Dec 12 22:12:56 UTC 2014

Modified Files:
        pkgsrc/comms/asterisk: Makefile distinfo

Log Message:
Update to Asterisk 11.14.2: this is a security fix release.

The Asterisk Development Team has announced security releases for
Certified Asterisk 11.6 and Asterisk 11, 12, and 13. The available
security releases are released as versions 11.6-cert9, 11.14.2,
12.7.2, and 13.0.2.

The release of these versions resolves the following security vulnerability:

* AST-2014-019: Remote Crash Vulnerability in WebSocket Server

  When handling a WebSocket frame the res_http_websocket module
  dynamically changes the size of the memory used to allow the
  provided payload to fit. If a payload length of zero was received
  the code would incorrectly attempt to resize to zero. This
  operation would succeed and end up freeing the memory but be
  treated as a failure. When the session was subsequently torn down
  this memory would get freed yet again causing a crash.

For more information about the details of this vulnerability, please read
security advisory AST-2014-019, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the Change Logs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.2

The security advisory is available at:

* http://downloads.asterisk.org/pub/security/AST-2014-019.pdf

Thank you for your continued support of Asterisk!


To generate a diff of this commit:
cvs rdiff -u -r1.115 -r1.116 pkgsrc/comms/asterisk/Makefile
cvs rdiff -u -r1.69 -r1.70 pkgsrc/comms/asterisk/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.