---
- branch: pkgsrc-2010Q4
  date: Tue Jan 25 12:43:16 UTC 2011
  files:
  - new: 1.27.2.1
    old: '1.27'
    path: pkgsrc/comms/asterisk16/Makefile
    pathrev: pkgsrc/comms/asterisk16/Makefile@1.27.2.1
    type: modified
  - new: 1.18.2.1
    old: '1.18'
    path: pkgsrc/comms/asterisk16/distinfo
    pathrev: pkgsrc/comms/asterisk16/distinfo@1.18.2.1
    type: modified
  - new: 1.9.2.1
    old: '1.9'
    path: pkgsrc/comms/asterisk16/patches/patch-aq
    pathrev: pkgsrc/comms/asterisk16/patches/patch-aq@1.9.2.1
    type: modified
  id: 20110125T124316Z.43e1b3c51f2211d37876ef4d619b6456ab95b44e
  log: |
    Pullup ticket #3335 - requested by gls
    comms/asterisk16: security update

    Revisions pulled up:
    - comms/asterisk16/Makefile             1.28-1.29
    - comms/asterisk16/distinfo             1.19-1.20
    - comms/asterisk16/patches/patch-aq     1.10
    ---
    Module Name:    pkgsrc
    Committed By:   jnemeth
    Date:           Sun Jan 16 06:30:57 UTC 2011

    Modified Files:
        pkgsrc/comms/asterisk16: Makefile distinfo
        pkgsrc/comms/asterisk16/patches: patch-aq

    Log Message:
    Update to 1.6.2.16:

    The release of Asterisk 1.6.2.16 resolves several issues reported by the
    community and would have not been possible without your participation.
    Thank you!

    The following is a sample of the issues resolved in this release:

    * Fix cache of device state changes for multiple servers.
      (Closes issue #18284, #18280. Reported, tested by klaus3000. Patched, tested
      by russellb)

    * Resolve issue where channel redirect function (CLI or AMI) hangs up the call
      instead of redirecting the call.
      (Closes issue #18171. Reported by: SantaFox)
      (Closes issue #18185. Reported by: kwemheuer)
      (Closes issue #18211. Reported by: zahir_koradia)
      (Closes issue #18230. Reported by: vmarrone)
      (Closes issue #18299. Reported by: mbrevda)
      (Closes issue #18322. Reported by: nerbos)

    * Linux and *BSD disagree on the elements within the ucred structure. Detect
      which one is in use on the system.
      (Closes issue #18384. Reported, patched, tested by bjm, tilghman)

    * app_followme: Don't create a Local channel if the target extension does not
      exist.
      (Closes issue #18126. Reported, patched by junky)

    * Revert code that changed SSRC for DTMF.
      (Closes issue #17404, #18189, #18352. Reported by sdolloff, marcbou. rsw686.
      Tested by cmbaker82)

    * Resolve issue where REGISTER request with a Call-ID matching an existing
      transaction is received it was possible that the REGISTER request would
      overwrite the initreq of the private structure.
      (Closes issue #18051. Reported by eeman. Patched, tested by twilson)

    For a full list of changes in this release, please see the ChangeLog:

    http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.16
    ---
    Module Name:    pkgsrc
    Committed By:   jnemeth
    Date:           Fri Jan 21 05:13:12 UTC 2011

    Modified Files:
        pkgsrc/comms/asterisk16: Makefile distinfo

    Log Message:
    Update to 1.6.2.16.1

    This is to fix AST-2011-001: Stack buffer overflow in SIP channel driver

    Asterisk Project Security Advisory - AST-2011-001

      Product             Asterisk
      Summary             Stack buffer overflow in SIP channel driver
      Nature of Advisory  Exploitable Stack Buffer Overflow
      Susceptibility      Remote Authenticated Sessions
      Severity            Moderate
      Exploits Known      No
      Reported On         January 11, 2011
      Reported By         Matthew Nicholson
      Posted On           January 18, 2011
      Last Updated On     January 18, 2011
      Advisory Contact    Matthew Nicholson
      CVE Name

      Description         When forming an outgoing SIP request while in pedantic
                          mode, a stack buffer can be made to overflow if supplied
                          with carefully crafted caller ID information. This
                          vulnerability also affects the URIENCODE dialplan
                          function and in some versions of asterisk, the AGI
                          dialplan application as well. The ast_uri_encode
                          function does not properly respect the size of its
                          output buffer and can write past the end of it when
                          encoding URIs.

    For full details, see:

    http://downloads.digium.com/pub/security/AST-2011-001.html
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2010Q4] pkgsrc/comms/asterisk16'
  unixtime: '1295959396'
  user: tron