author | jnemeth <jnemeth@pkgsrc.org> | 2009-12-18 14:39:26 +0000 |
---|---|---|
committer | jnemeth <jnemeth@pkgsrc.org> | 2009-12-18 14:39:26 +0000 |
commit | 03ccd904e880b7b9f9a421870ed64ca88565ee38 (patch) | |
tree | 6a73533e665913da8670cf8860411049d5a4f09f /comms | |
parent | 9711a6a2dfd4496315173dcc7588274a3451f85a (diff) | |
download | pkgsrc-03ccd904e880b7b9f9a421870ed64ca88565ee38.tar.gz |
Update to 1.2.37. This update is to fix two security issues.
1.2.36 fixed AST-2009-008, and 1.2.37 fixed AST-2009-010. The
problem in AST-2009-008 is:
-----
It is possible to determine if a peer with a specific name is
configured in Asterisk by sending a specially crafted REGISTER
message twice. The username that is to be checked is put in the
user portion of the URI in the To header. A bogus non-matching
value is put into the username portion of the Digest in the
Authorization header. If the peer does exist the second REGISTER
will receive a response of "403 Authentication user name does not
match account name". If the peer does not exist the response will
be "404 Not Found" if alwaysauthreject is disabled and "401
Unauthorized" if alwaysauthreject is enabled.
-----
And, the problem in AST-2009-010 is:
-----
An attacker sending a valid RTP comfort noise payload containing
a data length of 24 bytes or greater can remotely crash Asterisk.
-----
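A defender-side check for the AST-2009-008 pattern quoted above, added here as an example and not part of this commit or of Asterisk: it flags sources whose REGISTER requests repeatedly carry a Digest username that differs from the To user across several distinct To names. The sample messages, addresses, host name and threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# User part of the To URI, and the username inside the Digest credentials.
TO_USER = re.compile(r'^To:[^\r\n]*?sips?:([^@>;\s]+)@', re.I | re.M)
DIGEST_USER = re.compile(
    r'^Authorization:\s*Digest\b[^\r\n]*?\busername="([^"]*)"', re.I | re.M)

def register_mismatch(msg):
    """Return (to_user, digest_user) when a REGISTER's Digest username
    differs from the user in its To URI, otherwise None."""
    if not msg.startswith("REGISTER "):
        return None
    to, digest = TO_USER.search(msg), DIGEST_USER.search(msg)
    if not to or not digest or to.group(1) == digest.group(1):
        return None
    return to.group(1), digest.group(1)

def flag_sources(captured, threshold=3):
    """captured: iterable of (source_ip, raw_sip_message).
    A single mismatch can be a misconfigured phone, so only sources that
    mismatch on at least `threshold` distinct To users are reported."""
    probed = defaultdict(set)
    for src, msg in captured:
        hit = register_mismatch(msg)
        if hit:
            probed[src].add(hit[0])
    return {s: sorted(u) for s, u in probed.items() if len(u) >= threshold}

def sample_register(to_user, digest_user):
    """Build a constructed REGISTER for the sample data (not real traffic)."""
    return (
        "REGISTER sip:pbx.example SIP/2.0\r\n"
        f"To: <sip:{to_user}@pbx.example>\r\n"
        f"From: <sip:{to_user}@pbx.example>;tag=1\r\n"
        f'Authorization: Digest username="{digest_user}", realm="asterisk", '
        'nonce="0", uri="sip:pbx.example", response="0"\r\n\r\n'
    )

# Constructed capture: one source walking through names, one normal client.
SAMPLE = [
    ("192.0.2.10", sample_register("100", "zz")),
    ("192.0.2.10", sample_register("101", "zz")),
    ("192.0.2.10", sample_register("102", "zz")),
    ("198.51.100.7", sample_register("200", "200")),
]

if __name__ == "__main__":
    print(flag_sources(SAMPLE))
```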
Diffstat (limited to 'comms')
-rw-r--r-- | comms/asterisk/Makefile | 4 |
-rw-r--r-- | comms/asterisk/distinfo | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/comms/asterisk/Makefile b/comms/asterisk/Makefile index dfcfd75d5df..ecc10e30bbd 100644 --- a/comms/asterisk/Makefile +++ b/comms/asterisk/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.68 2009/09/05 01:44:18 jnemeth Exp $ +# $NetBSD: Makefile,v 1.69 2009/12/18 14:39:26 jnemeth Exp $ -DISTNAME= asterisk-1.2.35 +DISTNAME= asterisk-1.2.37 CATEGORIES= comms net audio MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/releases/ \ http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ diff --git a/comms/asterisk/distinfo b/comms/asterisk/distinfo index 1c563e58a1c..ae45d4b3a42 100644 --- a/comms/asterisk/distinfo +++ b/comms/asterisk/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.44 2009/09/05 01:44:18 jnemeth Exp $ +$NetBSD: distinfo,v 1.45 2009/12/18 14:39:26 jnemeth Exp $ -SHA1 (asterisk-1.2.35.tar.gz) = 6f6981612d95786dbb668381c34cd80ac3fb524b -RMD160 (asterisk-1.2.35.tar.gz) = 7f63b2700d0dbc7f09ca71e83cb178cf7443bfb4 -Size (asterisk-1.2.35.tar.gz) = 29894811 bytes +SHA1 (asterisk-1.2.37.tar.gz) = c9a3c4684e021f62b4d19f6e0c8fc11f64db19d6 +RMD160 (asterisk-1.2.37.tar.gz) = 1de7ff96d3b1fd8d89f3ef7b3bb9e35bedccfb33 +Size (asterisk-1.2.37.tar.gz) = 29899629 bytes SHA1 (patch-aa) = 0070d874445d5bad7eb5a4cbd023a8f698e1f938 SHA1 (patch-ab) = 1bdae0ff206b63fe63373a307ecd23859c10cb79 SHA1 (patch-ac) = 4f783699c7d701030788646f8b961fa9245dc127 |
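Review bot: in the comms/asterisk/Makefile hunk, the MASTER_SITES context lines fetch the distfile over plain http://, so for this security update the tarball's integrity rests entirely on the checksums recorded in distinfo. Please confirm the asterisk-1.2.37 tarball was checked against whatever checksum or signature upstream publishes before those hashes were generated.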
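Review bot: in the comms/asterisk/distinfo hunk, the patch-aa, patch-ab and patch-ac checksums in the trailing context are unchanged, so the local patches are carried as-is across two upstream releases; confirm each still applies cleanly to 1.2.37 and is still needed. The tarball is also recorded only with SHA1 and RMD160, so consider adding a stronger digest alongside them.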