CVS commit: pkgsrc/comms/asterisk18

["John Nemeth" <jnemeth%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   jnemeth
Date:           Sun Apr 12 03:35:39 UTC 2015

Modified Files:
        pkgsrc/comms/asterisk18: Makefile distinfo

Log Message:
Update to Asterisk 1.8.32.3:  this is a security fix update.

The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11,
12, and 13. The available security releases are released as versions
1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2,
and 13.3.2.

The release of these versions resolves the following security vulnerability:

* AST-2015-003: TLS Certificate Common name NULL byte exploit

  When Asterisk registers to a SIP TLS device and verifies the
  server, Asterisk will accept signed certificates that match a
  common name other than the one Asterisk is expecting if the signed
  certificate has a common name containing a null byte after the
  portion of the common name that Asterisk expected. This potentially
  allows for a man in the middle attack.

For more information about the details of this vulnerability, please read
security advisory AST-2015-003, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the Change Logs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3

The security advisory is available at:

* http://downloads.asterisk.org/pub/security/AST-2015-003.pdf

Thank you for your continued support of Asterisk!


To generate a diff of this commit:
cvs rdiff -u -r1.93 -r1.94 pkgsrc/comms/asterisk18/Makefile
cvs rdiff -u -r1.59 -r1.60 pkgsrc/comms/asterisk18/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.