pkgsrc-Changes archive
CVS commit: [pkgsrc-2014Q3] pkgsrc/comms/asterisk
Module Name: pkgsrc
Committed By: tron
Date: Sun Dec 14 09:52:57 UTC 2014
Modified Files:
pkgsrc/comms/asterisk [pkgsrc-2014Q3]: Makefile distinfo
Log Message:
Pullup ticket #4572 - requested by jnemeth
comms/asterisk: security update
Revisions pulled up:
- comms/asterisk/Makefile 1.116
- comms/asterisk/distinfo 1.70
---
Module Name: pkgsrc
Committed By: jnemeth
Date: Fri Dec 12 22:12:56 UTC 2014
Modified Files:
pkgsrc/comms/asterisk: Makefile distinfo
Log Message:
Update to Asterisk 11.14.2: this is a security fix release.
The Asterisk Development Team has announced security releases for
Certified Asterisk 11.6 and Asterisk 11, 12, and 13. The available
security releases are released as versions 11.6-cert9, 11.14.2,
12.7.2, and 13.0.2.
The release of these versions resolves the following security vulnerability:
* AST-2014-019: Remote Crash Vulnerability in WebSocket Server
When handling a WebSocket frame the res_http_websocket module
dynamically changes the size of the memory used to allow the
provided payload to fit. If a payload length of zero was received
the code would incorrectly attempt to resize to zero. This
operation would succeed and end up freeing the memory but be
treated as a failure. When the session was subsequently torn down
this memory would get freed yet again causing a crash.
For more information about the details of this vulnerability, please read
security advisory AST-2014-019, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the Change Logs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.2
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2014-019.pdf
Thank you for your continued support of Asterisk!
To generate a diff of this commit:
cvs rdiff -u -r1.111.2.1 -r1.111.2.2 pkgsrc/comms/asterisk/Makefile
cvs rdiff -u -r1.66.2.1 -r1.66.2.2 pkgsrc/comms/asterisk/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
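
The double free described in the log message above, sketched as an added C example; it is not part of this commit and not Asterisk's source. The session struct and all function names are hypothetical. It puts the resize pattern the message describes beside a form that never passes a zero size to realloc() and clears the pointer at teardown.

```c
#include <stdlib.h>

/* Hypothetical session type (an assumption, not Asterisk's struct). */
struct session {
    char  *payload;   /* reusable frame buffer */
    size_t cap;       /* bytes currently allocated */
};

/* Pattern the log message describes: a zero length reaches realloc().
 * realloc(p, 0) may free p and return NULL; reading that NULL as a
 * failed allocation leaves s->payload dangling, and teardown frees it
 * a second time. Shown for contrast only; nothing here calls it. */
int fit_payload_unsafe(struct session *s, size_t len)
{
    char *p = realloc(s->payload, len);
    if (!p) return -1;        /* s->payload may already be freed */
    s->payload = p;
    s->cap = len;
    return 0;
}

/* Hardened form: an empty payload needs no resize, so realloc() never
 * sees size 0, and a genuine failure keeps the old buffer owned. */
int fit_payload(struct session *s, size_t len)
{
    if (len == 0) return 0;   /* keep the existing buffer untouched */
    char *p = realloc(s->payload, len);
    if (!p) return -1;        /* old buffer is still valid */
    s->payload = p;
    s->cap = len;
    return 0;
}

/* Teardown frees once and clears the pointer so a repeat is harmless. */
void session_destroy(struct session *s)
{
    free(s->payload);
    s->payload = NULL;
    s->cap = 0;
}

int main(void)
{
    struct session s = { NULL, 0 };
    int bad = fit_payload(&s, 16) || fit_payload(&s, 0);
    session_destroy(&s);
    return bad;               /* 0 when both resize calls succeeded */
}
```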