Update to Asterisk 1.8.8.2. This fixes AST-2010-001:

               Asterisk Project Security Advisory - AST-2012-001

   +------------------------------------------------------------------------+
   |       Product        | Asterisk                                        |
   |----------------------+-------------------------------------------------|
   |       Summary        | SRTP Video Remote Crash Vulnerability           |
   |----------------------+-------------------------------------------------|
   |  Nature of Advisory  | Denial of Service                               |
   |----------------------+-------------------------------------------------|
   |    Susceptibility    | Remote unauthenticated sessions                 |
   |----------------------+-------------------------------------------------|
   |       Severity       | Moderate                                        |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | 2012-01-15                                      |
   |----------------------+-------------------------------------------------|
   |     Reported By      | Catalin Sanda                                   |
   |----------------------+-------------------------------------------------|
   |      Posted On       | 2012-01-19                                      |
   |----------------------+-------------------------------------------------|
   |   Last Updated On    | January 19, 2012                                |
   |----------------------+-------------------------------------------------|
   |   Advisory Contact   | Joshua Colp < jcolp AT digium DOT com >         |
   |----------------------+-------------------------------------------------|
   |       CVE Name       |                                                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | An attacker attempting to negotiate a secure video       |
   |             | stream can crash Asterisk if video support has not been  |
   |             | enabled and the res_srtp Asterisk module is loaded.      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Upgrade to one of the versions of Asterisk listed in the  |
   |            | "Corrected In" section, or apply a patch specified in the |
   |            | "Patches" section.                                        |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |            Product            | Release Series |                       |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.8.x      | All versions          |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |      10.x      | All versions          |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                 Product                  |           Release           |
   |------------------------------------------+-----------------------------|
   |           Asterisk Open Source           |           1.8.8.2           |
   |------------------------------------------+-----------------------------|
   |           Asterisk Open Source           |           10.0.1            |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                                Patches                                 |
   |------------------------------------------------------------------------|
   |                             SVN URL                             |Branch|
   |-----------------------------------------------------------------+------|
   |http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8  |
   |-----------------------------------------------------------------+------|
   |http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff  |v10   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |   Links   | https://issues.asterisk.org/jira/browse/ASTERISK-19202     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2012-001.pdf and          |
   | http://downloads.digium.com/pub/security/AST-2012-001.html             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |      Date       |       Editor       |         Revisions Made          |
   |-----------------+--------------------+---------------------------------|
   | 12-01-19        | Joshua Colp        | Initial release                 |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2012-001
              Copyright (c) 2012 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.

2 files changed, 15 insertions, 16 deletions

diff --git a/comms/asterisk18/Makefile b/comms/asterisk18/Makefile
index 4157e4fd99a..6acf4435af6 100644
--- a/comms/asterisk18/Makefile
+++ b/comms/asterisk18/Makefile
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.19 2012/01/17 06:29:41 jnemeth Exp $
+# $NetBSD: Makefile,v 1.20 2012/01/20 07:31:17 jnemeth Exp $
 #
 # NOTE: when updating this package, there are two places that sound
 #       tarballs need to be checked
 
-DISTNAME=	asterisk-1.8.8.1
-PKGREVISION=	1
+DISTNAME=	asterisk-1.8.8.2
 DIST_SUBDIR=	${PKGNAME_NOREV}
 DISTFILES=	${DEFAULT_DISTFILES}
 EXTRACT_ONLY=	${DISTNAME}.tar.gz
diff --git a/comms/asterisk18/distinfo b/comms/asterisk18/distinfo
index a350532183d..ff25ef5e5a8 100644
--- a/comms/asterisk18/distinfo
+++ b/comms/asterisk18/distinfo
@@ -1,17 +1,17 @@
-$NetBSD: distinfo,v 1.16 2012/01/15 03:32:47 jnemeth Exp $
+$NetBSD: distinfo,v 1.17 2012/01/20 07:31:17 jnemeth Exp $
 
-SHA1 (asterisk-1.8.8.1/asterisk-1.8.8.1.tar.gz) = ef4e58a00b1e8a9ae6b1923dd9feab1a0e6cd582
-RMD160 (asterisk-1.8.8.1/asterisk-1.8.8.1.tar.gz) = 8bf3d816786b2b5ba0bc87b3e008d5ab3a1b3955
-Size (asterisk-1.8.8.1/asterisk-1.8.8.1.tar.gz) = 24774178 bytes
-SHA1 (asterisk-1.8.8.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
-RMD160 (asterisk-1.8.8.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
-Size (asterisk-1.8.8.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
-SHA1 (asterisk-1.8.8.1/extract-cfile.txt) = b22874814c83a53bcd1a8d96b5911304f304971e
-RMD160 (asterisk-1.8.8.1/extract-cfile.txt) = e7205fe7e95793f3ca6e384edeef1ad5713485e0
-Size (asterisk-1.8.8.1/extract-cfile.txt) = 643 bytes
-SHA1 (asterisk-1.8.8.1/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
-RMD160 (asterisk-1.8.8.1/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
-Size (asterisk-1.8.8.1/rfc3951.txt) = 373442 bytes
+SHA1 (asterisk-1.8.8.2/asterisk-1.8.8.2.tar.gz) = 4046350bc9143882db6569d1fa8df90a63c53f26
+RMD160 (asterisk-1.8.8.2/asterisk-1.8.8.2.tar.gz) = 140d2bafdeeb259469b1514c3c6a4d09eb17aa17
+Size (asterisk-1.8.8.2/asterisk-1.8.8.2.tar.gz) = 24776534 bytes
+SHA1 (asterisk-1.8.8.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
+RMD160 (asterisk-1.8.8.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
+Size (asterisk-1.8.8.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
+SHA1 (asterisk-1.8.8.2/extract-cfile.txt) = b22874814c83a53bcd1a8d96b5911304f304971e
+RMD160 (asterisk-1.8.8.2/extract-cfile.txt) = e7205fe7e95793f3ca6e384edeef1ad5713485e0
+Size (asterisk-1.8.8.2/extract-cfile.txt) = 643 bytes
+SHA1 (asterisk-1.8.8.2/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
+RMD160 (asterisk-1.8.8.2/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
+Size (asterisk-1.8.8.2/rfc3951.txt) = 373442 bytes
 SHA1 (patch-aa) = 496565e1e567c42ab6ba8f996c506f52cb9c8cfe
 SHA1 (patch-af) = 19786616bb606c38f769ec85f2e4d118573659ab
 SHA1 (patch-ag) = c71c61350cefbbe53eefa99245ca7712753f22d5