Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11]) by www.NetBSD.org (Postfix) with ESMTP id 0317463D5B2 for ; Mon, 17 Oct 2011 23:40:54 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id D10E214A14B; Mon, 17 Oct 2011 23:40:54 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 47A4014A147 for ; Mon, 17 Oct 2011 23:40:51 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id HcTMZ0Gx0WlK for ; Mon, 17 Oct 2011 23:40:50 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 979EC14A136 for ; Mon, 17 Oct 2011 23:40:50 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 7E711175DD; Mon, 17 Oct 2011 23:40:50 +0000 (UTC) MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Date: Mon, 17 Oct 2011 23:40:50 +0000 From: "John Nemeth" Subject: CVS commit: pkgsrc/comms/asterisk18 To: pkgsrc-changes@NetBSD.org Reply-To: jnemeth@netbsd.org X-Mailer: log_accum Message-Id: <20111017234050.7E711175DD@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: jnemeth Date: Mon Oct 17 23:40:50 UTC 2011 Modified Files: pkgsrc/comms/asterisk18: Makefile PLIST distinfo Log Message: Update to 1.8.7.1 -- this update fixes AST-2011-012 pkgsrc change: now what sqlite3 has been imported into NetBSD, enable it Asterisk Project Security Advisory - AST-2011-012 Product Asterisk Summary Remote crash vulnerability in SIP channel driver Nature of Advisory Remote crash Susceptibility Remote authenticated sessions Severity Critical Exploits Known No Reported On October 4, 2011 Reported By Ehsan Foroughi Posted On October 17, 2011 Last Updated On October 17, 2011 Advisory Contact Terry Wilson CVE Name CVE-2011-4063 Description A remote authenticated user can cause a crash with a malformed request due to an unitialized variable. Resolution Ensure variables are initialized in all cases when parsing the request. Affected Versions Product Release Series Asterisk Open Source 1.8.x All versions Asterisk Open Source 10.x All versions (currently in beta) Corrected In Product Release Asterisk Open Source 1.8.7.1, 10.0.0-rc1 Patches Download URL Revision http://downloads.asterisk.org/pub/security/AST-2011-012-1.8.diff 1.8 http://downloads.asterisk.org/pub/security/AST-2011-012-10.diff 10 Links Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2011-012.pdf and http://downloads.digium.com/pub/security/AST-2011-012.html Revision History Date Editor Revisions Made Asterisk Project Security Advisory - AST-2011-012 Copyright (c) 2011 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form. To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 pkgsrc/comms/asterisk18/Makefile cvs rdiff -u -r1.8 -r1.9 pkgsrc/comms/asterisk18/PLIST cvs rdiff -u -r1.13 -r1.14 pkgsrc/comms/asterisk18/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.