CVS commit: pkgsrc/comms/asterisk18

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/comms/asterisk18
From: "John Nemeth" <jnemeth%netbsd.org@localhost>
Date: Mon, 17 Oct 2011 23:40:50 +0000

Module Name:    pkgsrc
Committed By:   jnemeth
Date:           Mon Oct 17 23:40:50 UTC 2011

Modified Files:
        pkgsrc/comms/asterisk18: Makefile PLIST distinfo

Log Message:
Update to 1.8.7.1 -- this update fixes AST-2011-012

pkgsrc change:  now what sqlite3 has been imported into NetBSD, enable it

               Asterisk Project Security Advisory - AST-2011-012

          Product         Asterisk
          Summary         Remote crash vulnerability in SIP channel driver
     Nature of Advisory   Remote crash
       Susceptibility     Remote authenticated sessions
          Severity        Critical
       Exploits Known     No
        Reported On       October 4, 2011
        Reported By       Ehsan Foroughi
         Posted On        October 17, 2011
      Last Updated On     October 17, 2011
      Advisory Contact    Terry Wilson <twilson%digium.com@localhost>
          CVE Name        CVE-2011-4063

    Description  A remote authenticated user can cause a crash with a
                 malformed request due to an unitialized variable.

    Resolution  Ensure variables are initialized in all cases when parsing
                the request.

                               Affected Versions
           Product         Release Series
    Asterisk Open Source       1.8.x       All versions
    Asterisk Open Source        10.x       All versions (currently in beta)

                                  Corrected In
                  Product                              Release
            Asterisk Open Source                 1.8.7.1, 10.0.0-rc1

                                    Patches
                             Download URL                           Revision
   http://downloads.asterisk.org/pub/security/AST-2011-012-1.8.diff 1.8
   http://downloads.asterisk.org/pub/security/AST-2011-012-10.diff  10

            Links

    Asterisk Project Security Advisories are posted at
    http://www.asterisk.org/security

    This document may be superseded by later versions; if so, the latest
    version will be posted at
    http://downloads.digium.com/pub/security/AST-2011-012.pdf and
    http://downloads.digium.com/pub/security/AST-2011-012.html

                                Revision History
           Date                 Editor                 Revisions Made

               Asterisk Project Security Advisory - AST-2011-012
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 pkgsrc/comms/asterisk18/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/comms/asterisk18/PLIST
cvs rdiff -u -r1.13 -r1.14 pkgsrc/comms/asterisk18/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/audio/mpg123/patches
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/audio/mpg123/patches
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index