---
- branch: MAIN
  date: Mon Oct 17 23:40:50 UTC 2011
  files:
  - new: '1.15'
    old: '1.14'
    path: pkgsrc/comms/asterisk18/Makefile
    pathrev: pkgsrc/comms/asterisk18/Makefile@1.15
    type: modified
  - new: '1.9'
    old: '1.8'
    path: pkgsrc/comms/asterisk18/PLIST
    pathrev: pkgsrc/comms/asterisk18/PLIST@1.9
    type: modified
  - new: '1.14'
    old: '1.13'
    path: pkgsrc/comms/asterisk18/distinfo
    pathrev: pkgsrc/comms/asterisk18/distinfo@1.14
    type: modified
  id: 20111017T234050Z.511609faba25a4b51514e1fa84c35c523d9c273f
  log: |
    Update to 1.8.7.1 -- this update fixes AST-2011-012

    pkgsrc change:  now what sqlite3 has been imported into NetBSD, enable it

                   Asterisk Project Security Advisory - AST-2011-012

              Product         Asterisk
              Summary         Remote crash vulnerability in SIP channel driver
         Nature of Advisory   Remote crash
           Susceptibility     Remote authenticated sessions
              Severity        Critical
           Exploits Known     No
            Reported On       October 4, 2011
            Reported By       Ehsan Foroughi
             Posted On        October 17, 2011
          Last Updated On     October 17, 2011
          Advisory Contact    Terry Wilson <twilson@digium.com>
              CVE Name        CVE-2011-4063

        Description  A remote authenticated user can cause a crash with a
                     malformed request due to an unitialized variable.

        Resolution  Ensure variables are initialized in all cases when parsing
                    the request.

                                   Affected Versions
               Product         Release Series
        Asterisk Open Source       1.8.x       All versions
        Asterisk Open Source        10.x       All versions (currently in beta)

                                      Corrected In
                      Product                              Release
                Asterisk Open Source                 1.8.7.1, 10.0.0-rc1

                                        Patches
                                 Download URL                           Revision
       http://downloads.asterisk.org/pub/security/AST-2011-012-1.8.diff 1.8
       http://downloads.asterisk.org/pub/security/AST-2011-012-10.diff  10

                Links

        Asterisk Project Security Advisories are posted at
        http://www.asterisk.org/security

        This document may be superseded by later versions; if so, the latest
        version will be posted at
        http://downloads.digium.com/pub/security/AST-2011-012.pdf and
        http://downloads.digium.com/pub/security/AST-2011-012.html

                                    Revision History
               Date                 Editor                 Revisions Made

                   Asterisk Project Security Advisory - AST-2011-012
                  Copyright (c) 2011 Digium, Inc. All Rights Reserved.
      Permission is hereby granted to distribute and publish this advisory in its
                               original, unaltered form.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/comms/asterisk18'
  unixtime: '1318894850'
  user: jnemeth