pkgsrc/comms
jnemeth 1fdc34555c Update to Asterisk 1.8.8.2. This fixes AST-2010-001:
Asterisk Project Security Advisory - AST-2012-001

   +------------------------------------------------------------------------+
   |       Product        | Asterisk                                        |
   |----------------------+-------------------------------------------------|
   |       Summary        | SRTP Video Remote Crash Vulnerability           |
   |----------------------+-------------------------------------------------|
   |  Nature of Advisory  | Denial of Service                               |
   |----------------------+-------------------------------------------------|
   |    Susceptibility    | Remote unauthenticated sessions                 |
   |----------------------+-------------------------------------------------|
   |       Severity       | Moderate                                        |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | 2012-01-15                                      |
   |----------------------+-------------------------------------------------|
   |     Reported By      | Catalin Sanda                                   |
   |----------------------+-------------------------------------------------|
   |      Posted On       | 2012-01-19                                      |
   |----------------------+-------------------------------------------------|
   |   Last Updated On    | January 19, 2012                                |
   |----------------------+-------------------------------------------------|
   |   Advisory Contact   | Joshua Colp < jcolp AT digium DOT com >         |
   |----------------------+-------------------------------------------------|
   |       CVE Name       |                                                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | An attacker attempting to negotiate a secure video       |
   |             | stream can crash Asterisk if video support has not been  |
   |             | enabled and the res_srtp Asterisk module is loaded.      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Upgrade to one of the versions of Asterisk listed in the  |
   |            | "Corrected In" section, or apply a patch specified in the |
   |            | "Patches" section.                                        |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |            Product            | Release Series |                       |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.8.x      | All versions          |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |      10.x      | All versions          |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                 Product                  |           Release           |
   |------------------------------------------+-----------------------------|
   |           Asterisk Open Source           |           1.8.8.2           |
   |------------------------------------------+-----------------------------|
   |           Asterisk Open Source           |           10.0.1            |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                                Patches                                 |
   |------------------------------------------------------------------------|
   |                             SVN URL                             |Branch|
   |-----------------------------------------------------------------+------|
   |http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8  |
   |-----------------------------------------------------------------+------|
   |http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff  |v10   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |   Links   | https://issues.asterisk.org/jira/browse/ASTERISK-19202     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2012-001.pdf and          |
   | http://downloads.digium.com/pub/security/AST-2012-001.html             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |      Date       |       Editor       |         Revisions Made          |
   |-----------------+--------------------+---------------------------------|
   | 12-01-19        | Joshua Colp        | Initial release                 |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2012-001
              Copyright (c) 2012 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.
2012-01-20 07:31:17 +00:00
asterisk Remove zaptel option, zaptel-netbsd was removed. 2011-10-06 08:35:01 +00:00
asterisk-sounds-de-x9media Change default for zip extraction to leave files as they are. 2009-08-25 11:56:34 +00:00
asterisk-sounds-extra add a conflict with asterisk >= 1.6.2 as that will include the extra sounds 2010-09-22 02:25:12 +00:00
asterisk-sounds-native
asterisk10 Update to Asterisk 10.0.1. This fixes AST-2012-001: 2012-01-20 07:29:08 +00:00
asterisk16 PR/35369 -- David Wetzel -- add support for speex codec (enabled by default) 2012-01-17 02:12:52 +00:00
asterisk18 Update to Asterisk 1.8.8.2. This fixes AST-2010-001: 2012-01-20 07:31:17 +00:00
binkd format police 2011-04-07 13:18:23 +00:00
birda Add missing include 2011-09-25 19:40:28 +00:00
bthfp Use standard location for LICENSE line (in MAINTAINER/HOMEPAGE/COMMENT 2009-05-19 08:59:00 +00:00
conserver update master_sites. ftp service has been suspended. 2011-03-14 12:11:50 +00:00
conserver8 ftp.conserver.com re-directs to a machine that does not run an ftp 2010-12-06 10:59:10 +00:00
dl-ezkit Reset maintainer for retired developers. 2011-02-28 14:52:37 +00:00
efax Add -dMaxStripSize=0 to default ghostscript command line in efax.rc 2010-06-03 12:53:47 +00:00
efax-gtk Recursive bump for graphics/freetype2 buildlink addition. 2011-11-01 06:00:33 +00:00
estic Fix build with newer GCC 2011-11-27 19:36:09 +00:00
fidogate Needs group early during installation 2010-06-19 12:18:51 +00:00
gammu recursive bump from gettext-lib shlib bump. 2011-04-22 13:41:54 +00:00
gkermit Remove @dirrm entries from PLISTs 2009-06-14 17:38:38 +00:00
gnome-pilot Recursive bump from audio/libaudiofile, x11/qt4-libs and x11/qt4-tools ABI bump. 2012-01-13 10:54:43 +00:00
gscmxx Revision bump after updating perl5 to 5.14.1. 2011-08-14 07:38:55 +00:00
gsmlib Fix build with newer GCC 2011-11-24 14:16:18 +00:00
hylafax Let to use new C++ style headers first for CXX runtime check, 2011-09-03 08:52:59 +00:00
jpilot Recursive bump for graphics/freetype2 buildlink addition. 2011-11-01 06:00:33 +00:00
jpilot-syncmal Recursive bump for graphics/freetype2 buildlink addition. 2011-11-01 06:00:33 +00:00
kermit 1) Add missing mk/curses buildlink. 2011-12-06 01:19:15 +00:00
kyopon Reset maintainer for retired developers. 2011-02-28 14:52:37 +00:00
libmal update master_sites. 2010-01-31 21:34:39 +00:00
libopensync Fix previous fix. 2011-11-30 23:48:18 +00:00
libopensync-plugin-evolution2 recursive bump from textproc/icu shlib major bump. 2011-06-10 09:39:41 +00:00
libopensync-plugin-file recursive bump from textproc/icu shlib major bump. 2011-06-10 09:39:41 +00:00
libopensync-plugin-kdepim Recursive bump from audio/libaudiofile, x11/qt4-libs and x11/qt4-tools ABI bump. 2012-01-13 10:54:43 +00:00
libopensync-plugin-syncml recursive bump from textproc/icu shlib major bump. 2011-06-10 09:39:41 +00:00
libsyncml recursive bump from gettext-lib shlib bump. 2011-04-22 13:41:54 +00:00
lrzsz recursive bump from gettext-lib shlib bump. 2011-04-22 13:41:54 +00:00
malsync Remove @dirrm entries from PLISTs 2009-06-14 17:38:38 +00:00
mgetty+sendfax Uses chown during install phase, so ensure that the user/group exists 2011-09-24 19:30:40 +00:00
minicom Add missing mk/termcap buildlink. 2011-12-17 10:14:56 +00:00
modemd Fix build (add missing headers). 2011-12-19 13:25:22 +00:00
msynctool recursive bump from textproc/icu shlib major bump. 2011-06-10 09:39:41 +00:00
multisync-gui Recursive bump for graphics/freetype2 buildlink addition. 2011-11-01 06:00:33 +00:00
obexapp update to 1.4.15 2011-07-13 20:51:41 +00:00
obexftp Bluetooth support for DragonFly. Bump PKGREVISION. PR pkg/41640. 2009-07-20 05:56:02 +00:00
op_panel Remove @dirrm entries from PLISTs 2009-06-14 17:38:38 +00:00
openobex MASTER_SITES=http://www.kernel.org/pub/linux/bluetooth/ 2009-08-09 08:00:46 +00:00
p5-Asterisk Revision bump after updating perl5 to 5.14.1. 2011-08-14 07:38:55 +00:00
p5-Device-Gsm Update to 1.58: 2011-08-16 19:58:06 +00:00
p5-Device-Modem Update to 1.54: 2011-08-16 19:56:56 +00:00
p5-Device-SerialPort Add LICENSE. 2011-11-05 23:13:27 +00:00
p5-Device-XBee-API Update to Device-XBee-API version 0.4 2011-09-01 02:29:38 +00:00
p5-pilot-link Revision bump after updating perl5 to 5.14.1. 2011-08-14 07:38:55 +00:00
p5-SMS-Send Revision bump after updating perl5 to 5.14.1. 2011-08-14 07:38:55 +00:00
pilot-link Fix build with perl 5.14.1 2011-10-14 11:26:31 +00:00
pilot-link-libs Update to 0.12.4: 2009-08-09 08:36:34 +00:00
pilotmgr Remove @dirrm entries from PLISTs 2009-06-14 17:38:38 +00:00
plp Fix build with gcc-4.5. 2011-12-19 13:44:07 +00:00
py-gammu distutils package, register egg-info. 2011-10-29 13:22:16 +00:00
qpage DESTDIR support 2010-01-29 16:38:20 +00:00
ruby-termios * Remove .require_paths from PLIST 2011-11-08 15:37:33 +00:00
scmxx recursive bump from gettext-lib shlib bump. 2011-04-22 13:41:54 +00:00
snooper Fix user/group handling; use SPECIAL_PERMS; support user-destdir mode. 2011-12-18 18:18:50 +00:00
spandsp Add a patch for PR/44766. The issue was that older versions of gas 2011-09-01 09:22:30 +00:00
synce-librapi2 Simplify and speed up buildlink3.mk files and processing. 2009-03-20 19:23:50 +00:00
synce-libsynce Simplify and speed up buildlink3.mk files and processing. 2009-03-20 19:23:50 +00:00
synce-rra Remove @dirrm entries from PLISTs 2009-06-14 17:38:38 +00:00
synce-serial Remove @dirrm entries from PLISTs 2009-06-14 17:38:38 +00:00
tkhylafax DESTDIR support 2010-01-29 16:38:20 +00:00
tn3270 USE_TOOLS, not TOOLS. Apparently my fault 2012-01-04 14:33:53 +00:00
xisp remove dead mirror. 2010-04-17 15:48:22 +00:00
xtel Fix native X build by cleaning up FONTDIR after imake. Ride previous bump. 2011-10-09 03:53:31 +00:00
Makefile add and enable asterisk10 2012-01-15 18:39:32 +00:00