diff options
| author | jnemeth <jnemeth> | 2011-01-21 05:13:12 +0000 |
|---|---|---|
| committer | jnemeth <jnemeth> | 2011-01-21 05:13:12 +0000 |
| commit | e8b002cbe38ed1064ff4f4f0daa158c5016534c1 (patch) | |
| tree | 6c7f663aaf3ff84b476b3a607da207be13b0e2f9 /comms | |
| parent | f19a01169cc0555609874db1cbe5b636e036770f (diff) | |
| download | pkgsrc-e8b002cbe38ed1064ff4f4f0daa158c5016534c1.tar.gz | |
Update to 1.6.2.16.1
This is to fix AST-2011-001: Stack buffer overflow in SIP channel driver
Asterisk Project Security Advisory - AST-2011-001
Product Asterisk
Summary Stack buffer overflow in SIP channel driver
Nature of Advisory Exploitable Stack Buffer Overflow
Susceptibility Remote Authenticated Sessions
Severity Moderate
Exploits Known No
Reported On January 11, 2011
Reported By Matthew Nicholson
Posted On January 18, 2011
Last Updated On January 18, 2011
Advisory Contact Matthew Nicholson <mnicholson at digium.com>
CVE Name
Description When forming an outgoing SIP request while in pedantic mode, a
stack buffer can be made to overflow if supplied with
carefully crafted caller ID information. This vulnerability
also affects the URIENCODE dialplan function and in some
versions of asterisk, the AGI dialplan application as well.
The ast_uri_encode function does not properly respect the size
of its output buffer and can write past the end of it when
encoding URIs.
For full details, see:
http://downloads.digium.com/pub/security/AST-2011-001.html
Diffstat (limited to 'comms')
| -rw-r--r-- | comms/asterisk16/Makefile | 4 | ||||
| -rw-r--r-- | comms/asterisk16/distinfo | 26 |
2 files changed, 15 insertions, 15 deletions
diff --git a/comms/asterisk16/Makefile b/comms/asterisk16/Makefile index f636e3f9f1f..36c70054446 100644 --- a/comms/asterisk16/Makefile +++ b/comms/asterisk16/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.28 2011/01/16 06:30:56 jnemeth Exp $ +# $NetBSD: Makefile,v 1.29 2011/01/21 05:13:12 jnemeth Exp $ # # NOTE: when updating this package, there are two places that sound # tarballs need to be checked -DISTNAME= asterisk-1.6.2.16 +DISTNAME= asterisk-1.6.2.16.1 DIST_SUBDIR= ${PKGNAME_NOREV} DISTFILES= ${DEFAULT_DISTFILES} EXTRACT_ONLY= ${DISTNAME}.tar.gz diff --git a/comms/asterisk16/distinfo b/comms/asterisk16/distinfo index 58d53f43d90..c3287ff8342 100644 --- a/comms/asterisk16/distinfo +++ b/comms/asterisk16/distinfo @@ -1,17 +1,17 @@ -$NetBSD: distinfo,v 1.19 2011/01/16 06:30:56 jnemeth Exp $ +$NetBSD: distinfo,v 1.20 2011/01/21 05:13:12 jnemeth Exp $ -SHA1 (asterisk-1.6.2.16/asterisk-1.6.2.16.tar.gz) = 643e7d0db5012881b52cbea6574d6a97788e1142 -RMD160 (asterisk-1.6.2.16/asterisk-1.6.2.16.tar.gz) = 9ba8b7085b58cf670221eb08c0cded09ffda2bba -Size (asterisk-1.6.2.16/asterisk-1.6.2.16.tar.gz) = 23708360 bytes -SHA1 (asterisk-1.6.2.16/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9 -RMD160 (asterisk-1.6.2.16/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6 -Size (asterisk-1.6.2.16/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes -SHA1 (asterisk-1.6.2.16/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8 -RMD160 (asterisk-1.6.2.16/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4 -Size (asterisk-1.6.2.16/extract-cfile.awk) = 667 bytes -SHA1 (asterisk-1.6.2.16/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017 -RMD160 (asterisk-1.6.2.16/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926 -Size (asterisk-1.6.2.16/rfc3951.txt) = 373442 bytes +SHA1 (asterisk-1.6.2.16.1/asterisk-1.6.2.16.1.tar.gz) = 43c6ce9c3e1461bd858dd283a5a8b4753323432c +RMD160 (asterisk-1.6.2.16.1/asterisk-1.6.2.16.1.tar.gz) = f34c759d1f47f4f55fc7468581251bc078a8c930 +Size (asterisk-1.6.2.16.1/asterisk-1.6.2.16.1.tar.gz) = 23707383 bytes +SHA1 (asterisk-1.6.2.16.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9 +RMD160 (asterisk-1.6.2.16.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6 +Size (asterisk-1.6.2.16.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes +SHA1 (asterisk-1.6.2.16.1/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8 +RMD160 (asterisk-1.6.2.16.1/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4 +Size (asterisk-1.6.2.16.1/extract-cfile.awk) = 667 bytes +SHA1 (asterisk-1.6.2.16.1/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017 +RMD160 (asterisk-1.6.2.16.1/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926 +Size (asterisk-1.6.2.16.1/rfc3951.txt) = 373442 bytes SHA1 (patch-aa) = 8c2a3c75adff34474c8f416bcea5842e771e4631 SHA1 (patch-af) = 09860d714281cb4c65d1a087cf5b16647a16e2fa SHA1 (patch-ag) = c71c61350cefbbe53eefa99245ca7712753f22d5 |