| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
${PLIST.eggfile} from PLISTs and support code from lang/python.
|
|
Because it depends on changes to the API in libtiff 4.x, set the minimum
BUILDLINK_API_DEPENDS accordingly. And, even though it wasn't building,
bump PKGREVISION to 7; the new package depending on tiff>=4.0 needs to
be distinguishable from the old package depending on tiff<4.0.
XXX: This package desperately needs to be updated. It is years out of
XXX: date with respect to upstream.
|
|
to produce the same binary package, if something went wrong it might not,
so bump PKGREVISION (to 2) as a precaution.
|
|
Attempt to honor VARBASE instead of blithely dropping stuff into /var;
may be incomplete. Doing this right may require sorting out multiple
/var trees as it shouldn't, at least by default, be working dialer
locks in the pkgsrc VARBASE; however, it's not clear that those will
always necessarily be in /var either. For now the package assumes
they will be though.
*** If I have broken this for you, please let me know ASAP.
|
|
command line. Eliminates a lot of build noise.
|
|
and -current.
|
|
pkgsrc change: eliminate ilbc option now that the iLBC codec is always built
The Asterisk Development Team has announced the release of Asterisk 1.8.11.0.
The release of Asterisk 1.8.11.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix potential buffer overrun and memory leak when executing "sip
show peers"
* --- Fix ACK routing for non-2xx responses.
* --- Remove possible segfaults from res_odbc by adding locks around
usage of odbc handle
* --- Fix blind transfer parking issues if the dialed extension is not
recognized as a parking extension.
* --- Copy CDR variables when set during a bridge
* --- push 'outgoing' flag from sig_XXX up to chan_dahdi
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.11.0
Thank you for your continued support of Asterisk!
|
|
pkgsrc change: eliminate ilbc option now that iLBC codec is always built
The Asterisk Development Team has announced the release of Asterisk 10.3.0.
The release of Asterisk 10.3.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix potential buffer overrun and memory leak when executing "sip
show peers"
* --- Fix ACK routing for non-2xx responses.
* --- Remove possible segfaults from res_odbc by adding locks around
usage of odbc handle
* --- Fix blind transfer parking issues if the dialed extension is not
recognized as a parking extension.
* --- Copy CDR variables when set during a bridge
* --- push 'outgoing' flag from sig_XXX up to chan_dahdi
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.3.0
Thank you for your continued support of Asterisk!
|
|
Changes:
1.06 Wed 9 Nov 2011
- No functional changes
- Moved to production version
- Updating to Module::Install::DSL 1.04
- New Perl back-compatibility target of 5.6
- Made the Perl back-compat target explicit
- Bumping a variety of dependencies to pick up bug fixes
- Don't import from Params::Util
- Various whitespace/tabbing fixes
- Removed the use of base.pm
- Updated bundled author tests and moved to xt
|
|
Changes:
1.56 Thu Sep 29 13:43:31 CEST 2011
- [RT#71330] Unbroken the MANIFEST file. 1.55 was non functional.
Thanks to Vita Cizek for reporting.
1.55 [BROKEN RELEASE. AVOID] Fri Sep 23 22:01:31 CEST 2011
- Performance improvements by Ed Wildgoose, long time user. Thanks Ed!
Windows users, please test this release!
|
|
Changes:
1.60 Fri Mar 16 12:14:07 CET 2012
- Removed the syslog test. Was artificial and pointless,
and it failed on Windows and Solaris. Thanks to CPAN testers reports.
1.59 Thu Mar 8 10:13:30 CET 2012
- Fixed RT #75619, POD fixes to make the POD clean for Debian packaging.
- Applied .perltidyrc to all source files. Watch out if you had patches :)
|
|
Changes:
1.03 Fix AGI.pm from printing warnings on some optional
variables (http://bugs.debian.org/525025)
1.02 Fix POD for AGI.pm thanks to Lawrence Gilbert
Fix Manager.pm parsing values that were 0
Fix verbose example in AGI.pm
Fix return in _readparse in AGI.pm
Fix quoting on a few AGI.pm commands
|
|
This is a security fix update. It fixes AST-2012-002.
NOTE NOTE NOTE
This is likely to be the last update to this package. This version
of Asterisk will be EOLed on April 21st, 2012. It will probably
be removed from pkgsrc not long after that. If you are still using
this package, you should consider switching to comms/asterisk18,
the Long Term Support version, or comms/asterisk10 in the near
future.
NOTE NOTE NOTE
The Asterisk Development Team has announced security releases for
Asterisk 1.4, 1.6.2, 1.8, and 10. The available security releases
are released as versions 1.4.44, 1.6.2.23, 1.8.10.1, and 10.2.1.
The release of Asterisk 1.4.44 and 1.6.2.23 resolve an issue wherein
app_milliwatt can potentially overrun a buffer on the stack, causing
Asterisk to crash. This does not have the potential for remote
code execution.
These issues and their resolution are described in the security
advisory.
For more information about the details of these vulnerabilities,
please read the security advisories AST-2012-002 and AST-2012-003,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.23
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
Thank you for your continued support of Asterisk!
|
|
This is a security fix release. It fixes AST-2012-002 and AST-2012-003.
pkgsrc changes:
- adapt to having iLBC source code included
- fix building on Solaris
- adapt to new sound tarball
----- 10.2.0 -----
The Asterisk Development Team has announced the release of Asterisk 10.2.0.
The release of Asterisk 10.2.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Prevent outbound SIP NOTIFY packets from displaying a port of 0 ---
* --- Include iLBC source code for distribution with Asterisk ---
* --- Fix callerid of originated calls ---
* --- Fix outbound DTMF for inband mode of chan_ooh323 ---
* --- Create and initialize udptl only when dialog requests image media ---
* --- Don't prematurely stop SIP session timer ---
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.2.0
Thank you for your continued support of Asterisk!
----- 10.2.1 -----
The Asterisk Development Team has announced security releases for
Asterisk 1.4, 1.6.2, 1.8, and 10. The available security releases
are released as versions 1.4.44, 1.6.2.23, 1.8.10.1, and 10.2.1.
The release of Asterisk 1.8.10.1 and 10.2.1 resolve two issues.
First, they resolve the issue in app_milliwatt, wherein a buffer
can potentially be overrun on the stack, but no remote code execution
is possible. Second, they resolve an issue in HTTP AMI where digest
authentication information can be used to overrun a buffer on the
stack, allowing for code injection and execution.
These issues and their resolution are described in the security
advisory.
For more information about the details of these vulnerabilities,
please read the security advisories AST-2012-002 and AST-2012-003,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.2.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-003.pdf
Thank you for your continued support of Asterisk!
|
|
pkgsrc changes: adapt to having iLBC coded included in the asterisk
tarball and newer version of sounds tarball.
----- 1.8.10.0 -----
The Asterisk Development Team has announced the release of Asterisk 1.8.10.0.
The release of Asterisk 1.8.10.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Prevent outbound SIP NOTIFY packets from displaying a port of 0 ---
* --- Include iLBC source code for distribution with Asterisk ---
* --- Fix callerid of originated calls ---
* --- Fix outbound DTMF for inband mode of chan_ooh323 ---
* --- Create and initialize udptl only when dialog requests image media ---
* --- Don't prematurely stop SIP session timer ---
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.10.0
Thank you for your continued support of Asterisk!
----- 1.8.10.1 -----
The Asterisk Development Team has announced security releases for
Asterisk 1.4, 1.6.2, 1.8, and 10. The available security releases
are released as versions 1.4.44, 1.6.2.23, 1.8.10.1, and 10.2.1.
The release of Asterisk 1.8.10.1 and 10.2.1 resolve two issues.
First, they resolve the issue in app_milliwatt, wherein a buffer
can potentially be overrun on the stack, but no remote code execution
is possible. Second, they resolve an issue in HTTP AMI where digest
authentication information can be used to overrun a buffer on the
stack, allowing for code injection and execution.
These issues and their resolution are described in the security
advisory.
For more information about the details of these vulnerabilities,
please read the security advisories AST-2012-002 and AST-2012-003,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.10.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-003.pdf
Thank you for your continued support of Asterisk!
|
|
|
|
|
|
|
|
|
|
|
|
The Asterisk Development Team has announced the release of Asterisk 10.1.3.
The release of Asterisk 10.1.3 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix ACK routing for non-2xx responses.
(Closes issue ASTERISK-19389. Reported by: Karsten Wemheuer)
* --- Fix regressions with regards to route-set creation on early dialogs ---
(Closes issue ASTERISK-19358. Reported-by: Karsten Wemheuer)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.3
Thank you for your continued support of Asterisk!
|
|
pkgsrc changes:
- maintain patch naming convention
- detect kqueue properly
The Asterisk Development Team has announced the release of Asterisk 1.8.9.3.
The release of Asterisk 1.8.9.3 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix ACK routing for non-2xx responses.
(Closes issue ASTERISK-19389. Reported by: Karsten Wemheuer)
* --- Fix regressions with regards to route-set creation on early dialogs ---
(Closes issue ASTERISK-19358. Reported-by: Karsten Wemheuer)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.9.3
Thank you for your continued support of Asterisk!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
SunOS. Now it breaks because of tiff 4.0.
|
|
|
|
|
|
|
|
|
|
|
|
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix SIP INFO DTMF handling for non-numeric codes ---
(Closes issue ASTERISK-19290. Reported by: Ira Emus)
* --- Fix crash in ParkAndAnnounce ---
(Closes issue ASTERISK-19311. Reported-by: tootai)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.2
|
|
The release of Asterisk 1.8.9.2 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolve
|
|
The release of Asterisk 1.8.9.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fixes deadlocks occuring in chan_agent ---
* --- Ensure entering T.38 passthrough does not cause an infinite loop ---
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.9.1
Thank you for your continued support of Asterisk!
|
|
The release of Asterisk 10.1.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fixes deadlocks occuring in chan_agent ---
* --- Ensure entering T.38 passthrough does not cause an infinite loop ---
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.1
Thank you for your continued support of Asterisk!
|
|
a) tiff update to 4.0 (shlib major change)
b) glib2 update 2.30.2 (adds libffi dependency to buildlink3.mk)
Enjoy.
|
|
a) tiff update to 4.0 (shlib major change)
b) glib2 update 2.30.2 (adds libffi dependency to buildlink3.mk)
Enjoy.
|
|
The Asterisk Development Team is pleased to announce the release of
Asterisk 10.1.0. This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 10.1.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* AST-2012-001: prevent crash when an SDP offer
is received with an encrypted video stream when support for video
is disabled and res_srtp is loaded. (closes issue ASTERISK-19202)
Reported by: Catalin Sanda
* Allow playback of formats that don't support seeking. ast_streamfile
previously did unconditional seeking on files that broke playback of
formats that don't support that functionality. This patch avoids the
seek that was causing the problem.
(closes issue ASTERISK-18994) Patched by: Timo Teras
* Add pjmedia probation concepts to res_rtp_asterisk's learning mode. In
order to better handle RTP sources with strictrtp enabled (which is the
default setting in 10) using the learning mode to figure out new sources
when they change is handled by checking for a number of consecutive (by
sequence number) packets received to an rtp struct based on a new
configurable value called 'probation'. Also, during learning mode instead
of liberally accepting all packets received, we now reject packets until a
clear source has been determined.
* Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop. Failing
to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local bridge loop
causes the loop to exit prematurely. This causes a variety of negative side
effects, depending on when the loop exits. This patch handles the frame by
essentially swallowing the frame in the local loop, as the current channel
drivers expect the RTP bridge to handle the frame, and, in the case of the
local bridge loop, no additional action is necessary.
(closes issue ASTERISK-19095) Reported by: Stefan Schmidt Tested
by: Matt Jordan
* Fix timing source dependency issues with MOH. Prior to this patch,
res_musiconhold existed at the same module priority level as the timing
sources that it depends on. This would cause a problem when music on
hold was reloaded, as the timing source could be changed after
res_musiconhold was processed. This patch adds a new module priority
level, AST_MODPRI_TIMING, that the various timing modules are now loaded
at. This now occurs before loading other resource modules, such
that the timing source is guaranteed to be set prior to resolving
the timing source dependencies.
(closes issue ASTERISK-17474) Reporter: Luke H Tested by: Luke H,
Vladimir Mikhelson, zzsurf, Wes Van Tlghem, elguero, Thomas Arimont
Patched by elguero
* Fix RTP reference leak. If a blind transfer were initiated using a
REFER without a prior reINVITE to place the call on hold, AND if Asterisk
were sending RTCP reports, then there was a reference leak for the
RTP instance of the transferrer.
(closes issue ASTERISK-19192) Reported by: Tyuta Vitali
* Fix blind transfers from failing if an 'h' extension
is present. This prevents the 'h' extension from being run on the
transferee channel when it is transferred via a native transfer
mechanism such as SIP REFER. (closes issue ASTERISK-19173) Reported
by: Ross Beer Tested by: Kristjan Vrban Patches: ASTERISK-19173 by
Mark Michelson (license 5049)
* Restore call progress code for analog ports. Extracting sig_analog
from chan_dahdi lost call progress detection functionality. Fix
analog ports from considering a call answered immediately after
dialing has completed if the callprogress option is enabled.
(closes issue ASTERISK-18841)
Reported by: Richard Miller Patched by Richard Miller
* Fix regression that 'rtp/rtcp set debup ip' only works when a port
was also specified.
(closes issue ASTERISK-18693) Reported by: Davide Dal Reviewed by:
Walter Doekes
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.0
Thank you for your continued support of Asterisk!
|
|
The Asterisk Development Team is pleased to announce the release of
Asterisk 1.8.9.0. This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.8.9.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* AST-2012-001: prevent crash when an SDP offer
is received with an encrypted video stream when support for video
is disabled and res_srtp is loaded. (closes issue ASTERISK-19202)
Reported by: Catalin Sanda
* Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop. Failing
to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local bridge loop
causes the loop to exit prematurely. This causes a variety of negative side
effects, depending on when the loop exits. This patch handles the frame by
essentially swallowing the frame in the local loop, as the current channel
drivers expect the RTP bridge to handle the frame, and, in the case of the
local bridge loop, no additional action is necessary.
(closes issue ASTERISK-19095) Reported by: Stefan Schmidt Tested
by: Matt Jordan
* Fix timing source dependency issues with MOH. Prior to this patch,
res_musiconhold existed at the same module priority level as the timing
sources that it depends on. This would cause a problem when music on
hold was reloaded, as the timing source could be changed after
res_musiconhold was processed. This patch adds a new module priority
level, AST_MODPRI_TIMING, that the various timing modules are now loaded
at. This now occurs before loading other resource modules, such
that the timing source is guaranteed to be set prior to resolving
the timing source dependencies.
(closes issue ASTERISK-17474) Reporter: Luke H Tested by: Luke H,
Vladimir Mikhelson, zzsurf, Wes Van Tlghem, elguero, Thomas Arimont
Patched by elguero
* Fix RTP reference leak. If a blind transfer were initiated using a
REFER without a prior reINVITE to place the call on hold, AND if Asterisk
were sending RTCP reports, then there was a reference leak for the
RTP instance of the transferrer.
(closes issue ASTERISK-19192) Reported by: Tyuta Vitali
* Fix blind transfers from failing if an 'h' extension
is present. This prevents the 'h' extension from being run on the
transferee channel when it is transferred via a native transfer
mechanism such as SIP REFER. (closes issue ASTERISK-19173) Reported
by: Ross Beer Tested by: Kristjan Vrban Patches: ASTERISK-19173 by
Mark Michelson (license 5049)
* Restore call progress code for analog ports. Extracting sig_analog
from chan_dahdi lost call progress detection functionality. Fix
analog ports from considering a call answered immediately after
dialing has completed if the callprogress option is enabled.
(closes issue ASTERISK-18841)
Reported by: Richard Miller Patched by Richard Miller
* Fix regression that 'rtp/rtcp set debup ip' only works when a port
was also specified.
(closes issue ASTERISK-18693) Reported by: Davide Dal Reviewed by:
Walter Doekes
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.9.0
Thank you for your continued support of Asterisk!
|
|
|
|
|
|
Asterisk Project Security Advisory - AST-2012-001
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | SRTP Video Remote Crash Vulnerability |
|----------------------+-------------------------------------------------|
| Nature of Advisory | Denial of Service |
|----------------------+-------------------------------------------------|
| Susceptibility | Remote unauthenticated sessions |
|----------------------+-------------------------------------------------|
| Severity | Moderate |
|----------------------+-------------------------------------------------|
| Exploits Known | No |
|----------------------+-------------------------------------------------|
| Reported On | 2012-01-15 |
|----------------------+-------------------------------------------------|
| Reported By | Catalin Sanda |
|----------------------+-------------------------------------------------|
| Posted On | 2012-01-19 |
|----------------------+-------------------------------------------------|
| Last Updated On | January 19, 2012 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Joshua Colp < jcolp AT digium DOT com > |
|----------------------+-------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | An attacker attempting to negotiate a secure video |
| | stream can crash Asterisk if video support has not been |
| | enabled and the res_srtp Asterisk module is loaded. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Upgrade to one of the versions of Asterisk listed in the |
| | "Corrected In" section, or apply a patch specified in the |
| | "Patches" section. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release Series | |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 1.8.x | All versions |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 10.x | All versions |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 1.8.8.2 |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 10.0.1 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Patches |
|------------------------------------------------------------------------|
| SVN URL |Branch|
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8 |
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff |v10 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Links | https://issues.asterisk.org/jira/browse/ASTERISK-19202 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2012-001.pdf and |
| http://downloads.digium.com/pub/security/AST-2012-001.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|-----------------+--------------------+---------------------------------|
| 12-01-19 | Joshua Colp | Initial release |
+------------------------------------------------------------------------+
Asterisk Project Security Advisory - AST-2012-001
Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
|
|
Asterisk Project Security Advisory - AST-2012-001
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | SRTP Video Remote Crash Vulnerability |
|----------------------+-------------------------------------------------|
| Nature of Advisory | Denial of Service |
|----------------------+-------------------------------------------------|
| Susceptibility | Remote unauthenticated sessions |
|----------------------+-------------------------------------------------|
| Severity | Moderate |
|----------------------+-------------------------------------------------|
| Exploits Known | No |
|----------------------+-------------------------------------------------|
| Reported On | 2012-01-15 |
|----------------------+-------------------------------------------------|
| Reported By | Catalin Sanda |
|----------------------+-------------------------------------------------|
| Posted On | 2012-01-19 |
|----------------------+-------------------------------------------------|
| Last Updated On | January 19, 2012 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Joshua Colp < jcolp AT digium DOT com > |
|----------------------+-------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | An attacker attempting to negotiate a secure video |
| | stream can crash Asterisk if video support has not been |
| | enabled and the res_srtp Asterisk module is loaded. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Upgrade to one of the versions of Asterisk listed in the |
| | "Corrected In" section, or apply a patch specified in the |
| | "Patches" section. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release Series | |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 1.8.x | All versions |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 10.x | All versions |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 1.8.8.2 |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 10.0.1 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Patches |
|------------------------------------------------------------------------|
| SVN URL |Branch|
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8 |
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff |v10 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Links | https://issues.asterisk.org/jira/browse/ASTERISK-19202 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2012-001.pdf and |
| http://downloads.digium.com/pub/security/AST-2012-001.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|-----------------+--------------------+---------------------------------|
| 12-01-19 | Joshua Colp | Initial release |
+------------------------------------------------------------------------+
Asterisk Project Security Advisory - AST-2012-001
Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
|
|
|
|
|
