Update to 1.8.2.2

This is to fix AST-2011-001: Stack buffer overflow in SIP channel driver

               Asterisk Project Security Advisory - AST-2011-001

         Product        Asterisk
         Summary        Stack buffer overflow in SIP channel driver
    Nature of Advisory  Exploitable Stack Buffer Overflow
      Susceptibility    Remote Authenticated Sessions
         Severity       Moderate
      Exploits Known    No
       Reported On      January 11, 2011
       Reported By      Matthew Nicholson
        Posted On       January 18, 2011
     Last Updated On    January 18, 2011
     Advisory Contact   Matthew Nicholson <mnicholson at digium.com>
         CVE Name

   Description When forming an outgoing SIP request while in pedantic mode, a
               stack buffer can be made to overflow if supplied with
               carefully crafted caller ID information. This vulnerability
               also affects the URIENCODE dialplan function and in some
               versions of asterisk, the AGI dialplan application as well.
               The ast_uri_encode function does not properly respect the size
               of its output buffer and can write past the end of it when
               encoding URIs.

For full details, see:

http://downloads.digium.com/pub/security/AST-2011-001.html
jnemeth 2011-01-21 07:00:43 +00:00
parent 52055c4c7b
commit 2b2576d313
2 changed files with 15 additions and 15 deletions
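
The advisory describes an encoder that does not respect the size of its output buffer. The following is an added example, not code from Asterisk or from this commit: a percent-encoder that checks remaining space before every write. The name `uri_encode_bounded`, its return convention and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Asterisk's ast_uri_encode): percent-encodes src
 * into out, whose capacity is outlen bytes including the terminating NUL.
 * Returns 0 on success, -1 if the encoded form does not fit. When outlen > 0
 * the output is always NUL-terminated and never written past out[outlen-1]. */
static int uri_encode_bounded(const char *src, char *out, size_t outlen)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;

    if (outlen == 0)
        return -1;
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        int safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                   (c >= '0' && c <= '9') || strchr("-._~", c) != NULL;
        size_t need = safe ? 1 : 3;   /* an escaped byte expands to "%XX" */

        /* Reserve room for the whole token plus the NUL before writing
         * anything; o < outlen always holds, so the subtraction is safe. */
        if (need + 1 > outlen - o) {
            out[o] = '\0';
            return -1;
        }
        if (safe) {
            out[o++] = (char)c;
        } else {
            out[o++] = '%';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0F];
        }
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char buf[8];
    /* Constructed input: every byte needs escaping, so 4 bytes become 12. */
    int rc = uri_encode_bounded("<\"@>", buf, sizeof buf);
    printf("rc=%d out=%s\n", rc, buf);
    return 0;
}
```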


@ -1,9 +1,9 @@
# $NetBSD: Makefile,v 1.3 2011/01/16 17:52:42 jnemeth Exp $
# $NetBSD: Makefile,v 1.4 2011/01/21 07:00:43 jnemeth Exp $
#
# NOTE: when updating this package, there are two places that sound
# tarballs need to be checked
DISTNAME= asterisk-1.8.2
DISTNAME= asterisk-1.8.2.2
DIST_SUBDIR= ${PKGNAME_NOREV}
DISTFILES= ${DEFAULT_DISTFILES}
EXTRACT_ONLY= ${DISTNAME}.tar.gz
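
Review bot: The NOTE above DISTNAME says the sound tarballs must be checked in two places whenever this package is updated, but neither this hunk nor the commit message records that the check was done for 1.8.2.2. Since only DISTNAME changes here and DIST_SUBDIR follows the package name, please confirm both places were reviewed and say so in the log, so the next updater does not have to re-derive it.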


@ -1,17 +1,17 @@
$NetBSD: distinfo,v 1.5 2011/01/16 17:52:42 jnemeth Exp $
$NetBSD: distinfo,v 1.6 2011/01/21 07:00:43 jnemeth Exp $
SHA1 (asterisk-1.8.2/asterisk-1.8.2.tar.gz) = aa47c1602581fb1a9ea59af4d911c33713c50d85
RMD160 (asterisk-1.8.2/asterisk-1.8.2.tar.gz) = 2d7c5c98dde2fb98317f05ea94e94a3c0a264008
Size (asterisk-1.8.2/asterisk-1.8.2.tar.gz) = 26237515 bytes
SHA1 (asterisk-1.8.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
RMD160 (asterisk-1.8.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
Size (asterisk-1.8.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
SHA1 (asterisk-1.8.2/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8
RMD160 (asterisk-1.8.2/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4
Size (asterisk-1.8.2/extract-cfile.awk) = 667 bytes
SHA1 (asterisk-1.8.2/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
RMD160 (asterisk-1.8.2/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
Size (asterisk-1.8.2/rfc3951.txt) = 373442 bytes
SHA1 (asterisk-1.8.2.2/asterisk-1.8.2.2.tar.gz) = c5cf5a02e2dcab9b537c8909fc7505fedf025c43
RMD160 (asterisk-1.8.2.2/asterisk-1.8.2.2.tar.gz) = 1f642528d67773a82abb928f725309c88c33b2f7
Size (asterisk-1.8.2.2/asterisk-1.8.2.2.tar.gz) = 26330842 bytes
SHA1 (asterisk-1.8.2.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
RMD160 (asterisk-1.8.2.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
Size (asterisk-1.8.2.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
SHA1 (asterisk-1.8.2.2/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8
RMD160 (asterisk-1.8.2.2/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4
Size (asterisk-1.8.2.2/extract-cfile.awk) = 667 bytes
SHA1 (asterisk-1.8.2.2/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
RMD160 (asterisk-1.8.2.2/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
Size (asterisk-1.8.2.2/rfc3951.txt) = 373442 bytes
SHA1 (patch-aa) = a157fe745bde7880cbbdcfdf9e4bb4381f1df185
SHA1 (patch-af) = ebad62fcb31b600d30235cc5e93284c93b2c8af9
SHA1 (patch-ag) = c71c61350cefbbe53eefa99245ca7712753f22d5
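
Review bot: The new SHA1/RMD160/Size entries for asterisk-1.8.2.2.tar.gz are the only integrity anchor for this security-fix tarball, and nothing in the commit says they were compared against a digest or signature published upstream; please verify that before relying on them. The three auxiliary distfiles (extra sounds, extract-cfile.awk, rfc3951.txt) carry the same hashes and sizes as their 1.8.2 entries, which is consistent with only the subdirectory changing. The patch-aa, patch-af and patch-ag digests are unchanged, so it is worth confirming that those patches still apply cleanly to the 1.8.2.2 sources.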