diff options
| author | jnemeth <jnemeth@pkgsrc.org> | 2014-12-12 22:12:56 +0000 |
|---|---|---|
| committer | jnemeth <jnemeth@pkgsrc.org> | 2014-12-12 22:12:56 +0000 |
| commit | 110464e6e47cf22622b656e3c18eb2fbc64047d3 (patch) | |
| tree | 71ce335e0031c1fda8de029ac23dc15434a98861 /comms | |
| parent | c470290fe484417eee3a7b1bddc9f514f4ee1cb9 (diff) | |
| download | pkgsrc-110464e6e47cf22622b656e3c18eb2fbc64047d3.tar.gz | |
Update to Asterisk 11.14.2: this is a security fix release.
The Asterisk Development Team has announced security releases for
Certified Asterisk 11.6 and Asterisk 11, 12, and 13. The available
security releases are released as versions 11.6-cert9, 11.14.2,
12.7.2, and 13.0.2.
The release of these versions resolves the following security vulnerability:
* AST-2014-019: Remote Crash Vulnerability in WebSocket Server
When handling a WebSocket frame the res_http_websocket module
dynamically changes the size of the memory used to allow the
provided payload to fit. If a payload length of zero was received
the code would incorrectly attempt to resize to zero. This
operation would succeed and end up freeing the memory but be
treated as a failure. When the session was subsequently torn down
this memory would get freed yet again causing a crash.
For more information about the details of this vulnerability, please read
security advisory AST-2014-019, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the Change Logs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.2
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2014-019.pdf
Thank you for your continued support of Asterisk!
Diffstat (limited to 'comms')
| -rw-r--r-- | comms/asterisk/Makefile | 4 | ||||
| -rw-r--r-- | comms/asterisk/distinfo | 14 |
2 files changed, 9 insertions, 9 deletions
diff --git a/comms/asterisk/Makefile b/comms/asterisk/Makefile index 0d22a58f1ec..cf30fb323a3 100644 --- a/comms/asterisk/Makefile +++ b/comms/asterisk/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.115 2014/12/03 01:57:37 jnemeth Exp $ +# $NetBSD: Makefile,v 1.116 2014/12/12 22:12:56 jnemeth Exp $ # # NOTE: when updating this package, there are two places that sound # tarballs need to be checked -DISTNAME= asterisk-11.14.1 +DISTNAME= asterisk-11.14.2 DIST_SUBDIR= ${PKGNAME_NOREV} DISTFILES= ${DEFAULT_DISTFILES} EXTRACT_ONLY= ${DISTNAME}.tar.gz diff --git a/comms/asterisk/distinfo b/comms/asterisk/distinfo index 3c64fdeffd5..cc6eefee168 100644 --- a/comms/asterisk/distinfo +++ b/comms/asterisk/distinfo @@ -1,11 +1,11 @@ -$NetBSD: distinfo,v 1.69 2014/12/03 01:57:37 jnemeth Exp $ +$NetBSD: distinfo,v 1.70 2014/12/12 22:12:56 jnemeth Exp $ -SHA1 (asterisk-11.14.1/asterisk-11.14.1.tar.gz) = 10f1ac8c282bbb99c07eaa13c93f994294dd552f -RMD160 (asterisk-11.14.1/asterisk-11.14.1.tar.gz) = 6f7bcde4be32a35bfc9b5c23c6f021fcfc52e205 -Size (asterisk-11.14.1/asterisk-11.14.1.tar.gz) = 34966823 bytes -SHA1 (asterisk-11.14.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = fbb94494e31fc08eee8fdf2ce7d12eb274018050 -RMD160 (asterisk-11.14.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 53656a3d6771602504f220ad312093e3503e1150 -Size (asterisk-11.14.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 4409969 bytes +SHA1 (asterisk-11.14.2/asterisk-11.14.2.tar.gz) = 92c1d5e37bc0978351045fcb09075035077ab3da +RMD160 (asterisk-11.14.2/asterisk-11.14.2.tar.gz) = 63fadeca5f8351e55559e8933077fa1a8655e700 +Size (asterisk-11.14.2/asterisk-11.14.2.tar.gz) = 34967655 bytes +SHA1 (asterisk-11.14.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = fbb94494e31fc08eee8fdf2ce7d12eb274018050 +RMD160 (asterisk-11.14.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 53656a3d6771602504f220ad312093e3503e1150 +Size (asterisk-11.14.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 4409969 bytes SHA1 (patch-Makefile) = ed581d46026e8e89ed8be374c7085efca19911d2 SHA1 (patch-apps_app__confbridge.c) = c815905994355a19c32e8e3e2eb5dc9f1679eb29 SHA1 (patch-apps_app__dial.c) = 0f78d2571af88384a2d472ece08bf4b06f9ad211 |