kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/comms
History
jnemeth a5be729777 Update to Asterisk 11.2.2: this is a security update which fixes 
AST-2013-001, AST-2013-002, and AST-2013-003.

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.

The release of these versions resolve the following issues:

* A possible buffer overflow during H.264 format negotiation. The format
  attribute resource for H.264 video performs an unsafe read against a media
  attribute when parsing the SDP.

  This vulnerability only affected Asterisk 11.

* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
  in January of this year, contained a fix for Asterisk's HTTP server for a
  remotely-triggered crash. While the fix prevented the crash from being
  triggered, a denial of service vector still exists with that solution if an
  attacker sends one or more HTTP POST requests with very large Content-Length
  values.

  This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

* A potential username disclosure exists in the SIP channel driver. When
  authenticating a SIP request with alwaysauthreject enabled, allowguest
  disabled, and autocreatepeer disabled, Asterisk discloses whether a user
  exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.

  This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
 * http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
 * http://downloads.asterisk.org/pub/security/AST-2013-003.pdf

Thank you for your continued support of Asterisk!
2013-04-10 05:28:56 +00:00
..
asterisk Update to Asterisk 11.2.2: this is a security update which fixes 2013-04-10 05:28:56 +00:00
asterisk-sounds-de-x9media Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
asterisk-sounds-native Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
asterisk10 Update to Asterisk 10.12.2: this is a security update which fixes 2013-04-10 05:27:08 +00:00
asterisk18 Update to Asterisk 1.2.20.2: this is a security update which fixes 2013-04-10 05:24:38 +00:00
binkd format police 2011-04-07 13:18:23 +00:00
birda Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
bthfp Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
conserver Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
conserver8 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
deforaos-phone Recursive bump for png-1.6. 2013-02-16 11:18:58 +00:00
dl-ezkit Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
efax Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
efax-gtk Recursive bump for png-1.6. 2013-02-16 11:18:58 +00:00
estic remove obsolete patches (replaced by patch-estic-*.cc) 2012-12-13 09:08:39 +00:00
fidogate Bump all packages that use perl, or depend on a p5-* package, or 2012-10-03 21:53:53 +00:00
gammu PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
gkermit Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
gnome-pilot Recursive bump for png-1.6. 2013-02-16 11:18:58 +00:00
gsmlib Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
hylafax Revbump after graphics/jpeg and textproc/icu 2013-01-26 21:36:13 +00:00
java-rxtx The printer port support is experimental, and only supported on some 2013-03-29 12:40:24 +00:00
jpilot Edited DESCR in the case of: 2013-04-07 20:49:31 +00:00
jpilot-syncmal Recursive bump for png-1.6. 2013-02-16 11:18:58 +00:00
kermit PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
kyopon Fixes: 2013-04-06 03:45:05 +00:00
libmal Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
libopensync Revbump after graphics/jpeg and textproc/icu 2013-01-26 21:36:13 +00:00
libopensync-plugin-evolution2 Revbump after graphics/jpeg and textproc/icu 2013-01-26 21:36:13 +00:00
libopensync-plugin-file Revbump after graphics/jpeg and textproc/icu 2013-01-26 21:36:13 +00:00
libopensync-plugin-kdepim Recursive bump for png-1.6. 2013-02-16 11:18:58 +00:00
libopensync-plugin-syncml bump PKGREVISION for openobex update 2013-03-15 08:25:56 +00:00
libsyncml bump PKGREVISION for openobex update 2013-03-15 08:25:15 +00:00
lirc Fix build failure on some Linuxes if CHECK_INTERPRETER=yes 2012-12-25 11:41:25 +00:00
lrzsz Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
malsync Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
mgetty+sendfax utmpx.h is no longer included by util.h, adjust. Fix inline use. 2013-03-28 21:17:56 +00:00
minicom Update to 2.6.1, from diro in PR 47209. 2012-12-12 12:35:21 +00:00
modemd Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
msynctool Revbump after graphics/jpeg and textproc/icu 2013-01-26 21:36:13 +00:00
multisync-gui Recursive bump for png-1.6. 2013-02-16 11:18:58 +00:00
obexapp bump PKGREVISION for openobex update 2013-03-15 08:23:05 +00:00
obexftp Update to ObexFTP 0.24 2013-03-15 08:18:43 +00:00
op_panel Edited DESCR in the case of: 2013-04-07 20:49:31 +00:00
openobex Linux fixes: 2013-03-21 06:53:36 +00:00
p5-Asterisk Bump all packages that use perl, or depend on a p5-* package, or 2012-10-03 21:53:53 +00:00
p5-Data-AMF Add missing dependency on p5-DateTime, and bump PKGREVISION. 2012-12-11 10:01:38 +00:00
p5-Device-Gsm Bump all packages that use perl, or depend on a p5-* package, or 2012-10-03 21:53:53 +00:00
p5-Device-Modem Bump all packages that use perl, or depend on a p5-* package, or 2012-10-03 21:53:53 +00:00
p5-Device-SerialPort Bump all packages that use perl, or depend on a p5-* package, or 2012-10-03 21:53:53 +00:00
p5-Device-XBee-API Bump all packages that use perl, or depend on a p5-* package, or 2012-10-03 21:53:53 +00:00
p5-pilot-link Recursive bump for png-1.6. 2013-02-16 11:18:58 +00:00
p5-SMS-Send Bump all packages that use perl, or depend on a p5-* package, or 2012-10-03 21:53:53 +00:00
pilot-link Recursive bump for png-1.6. 2013-02-16 11:18:58 +00:00
pilot-link-libs Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
pilotmgr Bump all packages that use perl, or depend on a p5-* package, or 2012-10-03 21:53:53 +00:00
plp Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
py-gammu Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
py-serial Add puyserial 26, which provides a uniform interface for accessing 2012-12-09 15:26:29 +00:00
qpage Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
ruby-termios Fix build problem with ruby193-base-1.9.3p327 (Ruby 1.9.3 patchlevel 327). 2012-12-05 12:12:23 +00:00
scmxx Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
snooper Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
spandsp Revbump after graphics/jpeg and textproc/icu 2013-01-26 21:36:13 +00:00
synce-librapi2 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
synce-libsynce Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
synce-rra Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
synce-serial Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
tkhylafax Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
tn3270 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
xisp Revbump after graphics/jpeg and textproc/icu 2013-01-26 21:36:13 +00:00
xtel Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
Makefile SUBDIR+=java-rxtx 2013-02-11 01:14:41 +00:00