pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/comms/asterisk Update to 1.2.37. This update is to fi...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a603ce8f9046
branches:  trunk
changeset: 568776:a603ce8f9046
user:      jnemeth <jnemeth%pkgsrc.org@localhost>
date:      Fri Dec 18 14:39:26 2009 +0000

description:
Update to 1.2.37.  This update is to fix two security issues.
1.2.36 fixed AST-2009-008, and 1.2.37 fixed AST-2009-010.  The
problem in AST-2009-008 is:

-----

It is possible to determine if a peer with a specific name is
configured in Asterisk by sending a specially crafted REGISTER
message twice. The username that is to be checked is put in the
user portion of the URI in the To header. A bogus non-matching
value is put into the username portion of the Digest in the
Authorization header. If the peer does exist the second REGISTER
will receive a response of "403 Authentication user name does not
match account name". If the peer does not exist the response will
be "404 Not Found" if alwaysauthreject is disabled and "401
Unauthorized" if alwaysauthreject is enabled.

-----

And, the problem in AST-2009-010 is:

-----

An attacker sending a valid RTP comfort noise payload containing
a data length of 24 bytes or greater can remotely crash Asterisk.

-----

diffstat:

 comms/asterisk/Makefile |  4 ++--
 comms/asterisk/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (28 lines):

diff -r cd4a75390e13 -r a603ce8f9046 comms/asterisk/Makefile
--- a/comms/asterisk/Makefile   Fri Dec 18 14:02:07 2009 +0000
+++ b/comms/asterisk/Makefile   Fri Dec 18 14:39:26 2009 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.68 2009/09/05 01:44:18 jnemeth Exp $
+# $NetBSD: Makefile,v 1.69 2009/12/18 14:39:26 jnemeth Exp $
 
-DISTNAME=      asterisk-1.2.35
+DISTNAME=      asterisk-1.2.37
 CATEGORIES=    comms net audio
 MASTER_SITES=  http://downloads.asterisk.org/pub/telephony/asterisk/releases/ \
                http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/
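Review bot: MASTER_SITES in the unchanged context lines still fetches over plain http://, so for this security update the distinfo checksums are the only integrity check on asterisk-1.2.37.tar.gz. Please confirm the new checksum values against an independently obtained copy or upstream's published release checksums, not only against the file downloaded through these URLs, and switch the URLs to https if the download host offers it.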
diff -r cd4a75390e13 -r a603ce8f9046 comms/asterisk/distinfo
--- a/comms/asterisk/distinfo   Fri Dec 18 14:02:07 2009 +0000
+++ b/comms/asterisk/distinfo   Fri Dec 18 14:39:26 2009 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.44 2009/09/05 01:44:18 jnemeth Exp $
+$NetBSD: distinfo,v 1.45 2009/12/18 14:39:26 jnemeth Exp $
 
-SHA1 (asterisk-1.2.35.tar.gz) = 6f6981612d95786dbb668381c34cd80ac3fb524b
-RMD160 (asterisk-1.2.35.tar.gz) = 7f63b2700d0dbc7f09ca71e83cb178cf7443bfb4
-Size (asterisk-1.2.35.tar.gz) = 29894811 bytes
+SHA1 (asterisk-1.2.37.tar.gz) = c9a3c4684e021f62b4d19f6e0c8fc11f64db19d6
+RMD160 (asterisk-1.2.37.tar.gz) = 1de7ff96d3b1fd8d89f3ef7b3bb9e35bedccfb33
+Size (asterisk-1.2.37.tar.gz) = 29899629 bytes
 SHA1 (patch-aa) = 0070d874445d5bad7eb5a4cbd023a8f698e1f938
 SHA1 (patch-ab) = 1bdae0ff206b63fe63373a307ecd23859c10cb79
 SHA1 (patch-ac) = 4f783699c7d701030788646f8b961fa9245dc127
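Review bot: the patch-aa to patch-ac checksums visible in the trailing context are unchanged while the distfile moves from 1.2.35 to 1.2.37, so please confirm the local patches still apply cleanly to the 1.2.37 sources and do not overlap the code changed by the two security fixes. Separately, the distfile is covered only by SHA1 and RMD160 in this hunk; adding a stronger digest line for asterisk-1.2.37.tar.gz would be a reasonable follow-up.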

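For hosts that cannot be upgraded immediately, the probe pattern quoted from AST-2009-008 (a REGISTER whose Digest username does not match the user in the To URI) can be looked for in captured SIP traffic. The following is an added detection example, not part of this commit or of Asterisk; the host name, addresses, sample messages and the `min_names` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Header patterns follow RFC 3261 syntax; "t" is the compact form of To.
TO_USER = re.compile(r"^(?:To|t)\s*:.*?sips?:([^@;>\s]+)@", re.I | re.M)
DIGEST_USER = re.compile(
    r'^Authorization\s*:\s*Digest\b.*?\busername="([^"]*)"', re.I | re.M)

def register_mismatch(raw):
    """Return (to_user, digest_user) when a REGISTER's Digest username
    differs from the user part of its To URI, otherwise None."""
    if not raw.startswith("REGISTER "):
        return None
    to, auth = TO_USER.search(raw), DIGEST_USER.search(raw)
    if not to or not auth or to.group(1) == auth.group(1):
        return None
    return to.group(1), auth.group(1)

def probing_sources(messages, min_names=3):
    """Map each source to the To users it sent mismatched REGISTERs for,
    keeping sources that touched at least min_names distinct names."""
    names = defaultdict(set)
    for src, raw in messages:
        hit = register_mismatch(raw)
        if hit:
            names[src].add(hit[0])
    return {s: sorted(n) for s, n in names.items() if len(n) >= min_names}

def make_register(to_user, digest_user):
    """Build a constructed REGISTER for the sample data (hypothetical host)."""
    host = "pbx.example.test"
    return (f"REGISTER sip:{host} SIP/2.0\r\n"
            f"To: <sip:{to_user}@{host}>\r\n"
            f"From: <sip:{to_user}@{host}>;tag=1\r\n"
            f'Authorization: Digest username="{digest_user}", realm="asterisk",'
            f' nonce="0", uri="sip:{host}", response="0"\r\n\r\n')

# Constructed sample traffic: (source address, raw message).
SAMPLE = [
    ("192.0.2.10", make_register("alice", "zz")),
    ("192.0.2.10", make_register("bob", "zz")),
    ("192.0.2.10", make_register("carol", "zz")),
    ("198.51.100.7", make_register("dave", "dave")),   # normal registration
    ("198.51.100.7", make_register("erin", "erinn")),  # single typo, below threshold
]

if __name__ == "__main__":
    print(probing_sources(SAMPLE))
```

A single mismatch is usually a misconfigured phone, which is why the check counts distinct To users per source before flagging it.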

