jnemeth 125c097b80 Update to Asterisk 1.8.4.4 (fixes AST-2011-011): ... Asterisk Project Security Advisory - AST-2011-011 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Possible enumeration of SIP users due to | | | differing authentication responses | |--------------------+---------------------------------------------------| | Nature of Advisory | Unauthorized data disclosure | |--------------------+---------------------------------------------------| | Susceptibility | Remote unauthenticated sessions | |--------------------+---------------------------------------------------| | Severity | Moderate | |--------------------+---------------------------------------------------| | Exploits Known | No | |--------------------+---------------------------------------------------| | CVE Name | CVE-2011-2536 | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Description | Asterisk may respond differently to SIP requests from an | | | invalid SIP user than it does to a user configured on | | | the system, even when the alwaysauthreject option is set | | | in the configuration. This can leak information about | | | what SIP users are valid on the Asterisk system. | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Resolution | Respond to SIP requests from invalid and valid SIP users | | | in the same way. Asterisk 1.4 and 1.6.2 do not respond | | | identically by default due to backward-compatibility | | | reasons, and must have alwaysauthreject=yes set in | | | sip.conf. Asterisk 1.8 defaults to alwaysauthreject=yes. | | | | | | IT IS ABSOLUTELY IMPERATIVE that users of Asterisk 1.4 | | | and 1.6.2 set alwaysauthreject=yes in the general section | | | of sip.conf. | +------------------------------------------------------------------------+		2011-07-05 08:42:56 +00:00
..
asterisk	recursive bump from gettext-lib shlib bump.	2011-04-22 13:41:54 +00:00
asterisk-sounds-de-x9media
asterisk-sounds-extra
asterisk-sounds-native
asterisk16	Update to 1.6.2.19 (fixes several security issues):	2011-07-05 08:34:47 +00:00
asterisk18	Update to Asterisk 1.8.4.4 (fixes AST-2011-011):	2011-07-05 08:42:56 +00:00
binkd	format police	2011-04-07 13:18:23 +00:00
birda
bthfp
conserver	update master_sites. ftp service has been suspended.	2011-03-14 12:11:50 +00:00
conserver8	ftp.conserver.com re-directs to a machine that does not run an ftp	2010-12-06 10:59:10 +00:00
dl-ezkit	Reset maintainer for retired developers.	2011-02-28 14:52:37 +00:00
efax
efax-gtk	recursive bump from gettext-lib shlib bump.	2011-04-22 13:41:54 +00:00
estic	Bump revision.	2011-03-31 17:55:25 +00:00
fidogate
gammu	recursive bump from gettext-lib shlib bump.	2011-04-22 13:41:54 +00:00
gkermit
gnome-pilot	recursive bump from textproc/icu shlib major bump.	2011-06-10 09:39:41 +00:00
gscmxx
gsmlib	recursive bump from gettext-lib shlib bump.	2011-04-22 13:41:54 +00:00
hylafax	Mechanically replace references to graphics/jpeg with the suitable	2010-12-23 11:44:24 +00:00
jpilot	recursive bump from gettext-lib shlib bump.	2011-04-22 13:41:54 +00:00
jpilot-syncmal	recursive bump from gettext-lib shlib bump.	2011-04-22 13:41:54 +00:00
kermit	Fix build on SunOS.	2011-05-14 19:27:53 +00:00
kyopon	Reset maintainer for retired developers.	2011-02-28 14:52:37 +00:00
libmal
libopensync	recursive bump from textproc/icu shlib major bump.	2011-06-10 09:39:41 +00:00
libopensync-plugin-evolution2	recursive bump from textproc/icu shlib major bump.	2011-06-10 09:39:41 +00:00
libopensync-plugin-file	recursive bump from textproc/icu shlib major bump.	2011-06-10 09:39:41 +00:00
libopensync-plugin-kdepim	recursive bump from textproc/icu shlib major bump.	2011-06-10 09:39:41 +00:00
libopensync-plugin-syncml	recursive bump from textproc/icu shlib major bump.	2011-06-10 09:39:41 +00:00
libsyncml	recursive bump from gettext-lib shlib bump.	2011-04-22 13:41:54 +00:00
lrzsz	recursive bump from gettext-lib shlib bump.	2011-04-22 13:41:54 +00:00
malsync
mgetty+sendfax	move PKG_DESTDIR_SUPPORT and LICENSE to usual location.	2011-04-16 11:16:34 +00:00
minicom	recursive bump from gettext-lib shlib bump.	2011-04-22 13:41:54 +00:00
modemd	Include <stdlib.h> not only NetBSD.	2010-12-30 09:02:51 +00:00
msynctool	recursive bump from textproc/icu shlib major bump.	2011-06-10 09:39:41 +00:00
multisync-gui	recursive bump from textproc/icu shlib major bump.	2011-06-10 09:39:41 +00:00
obexapp
obexftp
op_panel
openobex
p5-Asterisk
p5-Device-Gsm
p5-Device-Modem
p5-Device-SerialPort
p5-pilot-link	Use more REPLACE_PERL, and use SUBST for handling the interpreter line of	2011-06-19 18:37:38 +00:00
p5-SMS-Send	* Change MASTER_SITES subdir to simple usual one.	2011-05-19 05:19:32 +00:00
pilot-link	recursive bump from gettext-lib shlib bump.	2011-04-22 13:41:54 +00:00
pilot-link-libs
pilotmgr
plp
py-gammu
qpage
ruby-termios	Bump PKGREVISION due to ABI change of ruby18-base.	2011-02-21 16:01:10 +00:00
scmxx	recursive bump from gettext-lib shlib bump.	2011-04-22 13:41:54 +00:00
snooper
spandsp	SpanDSP is a library of DSP functions for telephony, in the 8000	2011-02-06 08:32:06 +00:00
synce-dccm
synce-librapi2
synce-libsynce
synce-rra
synce-serial
tkhylafax
tn3270	Add a workaround for DragonFly arpa/telnet.h.	2010-12-30 09:22:43 +00:00
xisp
xtel	Mechanically replace references to graphics/jpeg with the suitable	2010-12-23 11:44:24 +00:00
zaptel-netbsd
Makefile	add and enable several perl modules needed to support databases/koha. PR pkg/43929	2011-05-18 02:23:22 +00:00