Subject: CVS commit: pkgsrc/comms/asterisk
To: None <pkgsrc-changes@NetBSD.org>
From: Martin J. Laubach <mjl@netbsd.org>
List: pkgsrc-changes
Date: 10/19/2006 14:02:07
Module Name: pkgsrc
Committed By: mjl
Date: Thu Oct 19 14:02:07 UTC 2006
Modified Files:
pkgsrc/comms/asterisk: Makefile distinfo
Log Message:
Update to asterisk 1.2.13
This release contains a fix for a security vulnerability recently
found in the chan_skinny channel driver (for Cisco SCCP phones).
This vulnerability would enable an attacker to remotely execute
code as the system user running Asterisk (frequently 'root').
The exploit does not require that the skinny.conf contain any
valid phone entries, only that chan_skinny is loaded and operational.
This release also contains a number of bug fixes, and some improvements
to the chan_sip channel driver (for SIP devices) to mitigate the impacts
of a certain class of denial-of-service attacks that have recently been
published.
All Asterisk 1.2 users are urged to update to this release if they use
the chan_skinny channel driver, or to stop loading it if it is not
needed ('noload=>chan_skinny.so' in modules.conf will cause this behavior).
To generate a diff of this commit:
cvs rdiff -r1.32 -r1.33 pkgsrc/comms/asterisk/Makefile
cvs rdiff -r1.20 -r1.21 pkgsrc/comms/asterisk/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.