Update to 1.8.2.2

This is to fix AST-2011-001: Stack buffer overflow in SIP channel driver Asterisk Project Security Advisory - AST-2011-001 Product Asterisk Summary Stack buffer overflow in SIP channel driver Nature of Advisory Exploitable Stack Buffer Overflow Susceptibility Remote Authenticated Sessions Severity Moderate Exploits Known No Reported On January 11, 2011 Reported By Matthew Nicholson Posted On January 18, 2011 Last Updated On January 18, 2011 Advisory Contact Matthew Nicholson <mnicholson at digium.com> CVE Name Description When forming an outgoing SIP request while in pedantic mode, a stack buffer can be made to overflow if supplied with carefully crafted caller ID information. This vulnerability also affects the URIENCODE dialplan function and in some versions of asterisk, the AGI dialplan application as well. The ast_uri_encode function does not properly respect the size of its output buffer and can write past the end of it when encoding URIs. For full details, see: http://downloads.digium.com/pub/security/AST-2011-001.html
2011-01-21 07:00:43 +00:00 · 2011-01-21 07:00:43 +00:00 · 2b2576d313
commit 2b2576d313
parent 52055c4c7b
2 changed files with 15 additions and 15 deletions
--- a/comms/asterisk18/Makefile
+++ b/comms/asterisk18/Makefile
@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.3 2011/01/16 17:52:42 jnemeth Exp $
+# $NetBSD: Makefile,v 1.4 2011/01/21 07:00:43 jnemeth Exp $
 #
 # NOTE: when updating this package, there are two places that sound
 #       tarballs need to be checked

-DISTNAME=	asterisk-1.8.2
+DISTNAME=	asterisk-1.8.2.2
 DIST_SUBDIR=	${PKGNAME_NOREV}
 DISTFILES=	${DEFAULT_DISTFILES}
 EXTRACT_ONLY=	${DISTNAME}.tar.gz
--- a/comms/asterisk18/distinfo
+++ b/comms/asterisk18/distinfo
@ -1,17 +1,17 @@
-$NetBSD: distinfo,v 1.5 2011/01/16 17:52:42 jnemeth Exp $
+$NetBSD: distinfo,v 1.6 2011/01/21 07:00:43 jnemeth Exp $

-SHA1 (asterisk-1.8.2/asterisk-1.8.2.tar.gz) = aa47c1602581fb1a9ea59af4d911c33713c50d85
-RMD160 (asterisk-1.8.2/asterisk-1.8.2.tar.gz) = 2d7c5c98dde2fb98317f05ea94e94a3c0a264008
-Size (asterisk-1.8.2/asterisk-1.8.2.tar.gz) = 26237515 bytes
-SHA1 (asterisk-1.8.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
-RMD160 (asterisk-1.8.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
-Size (asterisk-1.8.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
-SHA1 (asterisk-1.8.2/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8
-RMD160 (asterisk-1.8.2/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4
-Size (asterisk-1.8.2/extract-cfile.awk) = 667 bytes
-SHA1 (asterisk-1.8.2/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
-RMD160 (asterisk-1.8.2/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
-Size (asterisk-1.8.2/rfc3951.txt) = 373442 bytes
+SHA1 (asterisk-1.8.2.2/asterisk-1.8.2.2.tar.gz) = c5cf5a02e2dcab9b537c8909fc7505fedf025c43
+RMD160 (asterisk-1.8.2.2/asterisk-1.8.2.2.tar.gz) = 1f642528d67773a82abb928f725309c88c33b2f7
+Size (asterisk-1.8.2.2/asterisk-1.8.2.2.tar.gz) = 26330842 bytes
+SHA1 (asterisk-1.8.2.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
+RMD160 (asterisk-1.8.2.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
+Size (asterisk-1.8.2.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
+SHA1 (asterisk-1.8.2.2/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8
+RMD160 (asterisk-1.8.2.2/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4
+Size (asterisk-1.8.2.2/extract-cfile.awk) = 667 bytes
+SHA1 (asterisk-1.8.2.2/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
+RMD160 (asterisk-1.8.2.2/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
+Size (asterisk-1.8.2.2/rfc3951.txt) = 373442 bytes
 SHA1 (patch-aa) = a157fe745bde7880cbbdcfdf9e4bb4381f1df185
 SHA1 (patch-af) = ebad62fcb31b600d30235cc5e93284c93b2c8af9
 SHA1 (patch-ag) = c71c61350cefbbe53eefa99245ca7712753f22d5