Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) by www.NetBSD.org (Postfix) with ESMTP id 1F28963B88D for ; Fri, 15 Jun 2012 06:05:51 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id E911414A44C; Fri, 15 Jun 2012 06:05:50 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 5062D14A44A for ; Fri, 15 Jun 2012 06:05:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id urAybQbei5UY for ; Fri, 15 Jun 2012 06:05:47 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 86B1B14A43E for ; Fri, 15 Jun 2012 06:05:47 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 76141175DD; Fri, 15 Jun 2012 06:05:47 +0000 (UTC) MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Date: Fri, 15 Jun 2012 06:05:47 +0000 From: "John Nemeth" Subject: CVS commit: pkgsrc/comms/asterisk10 To: pkgsrc-changes@NetBSD.org Reply-To: jnemeth@netbsd.org X-Mailer: log_accum Message-Id: <20120615060547.76141175DD@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: jnemeth Date: Fri Jun 15 06:05:47 UTC 2012 Modified Files: pkgsrc/comms/asterisk10: Makefile distinfo Log Message: Update to Asterisk 10.5.1: this fixes AST-2012-009. The Asterisk Development Team has announced a security release for Asterisk 10. This security release is released as version 10.5.1. The release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of Asterisk 10.5.1 resolves the following issue: * A remotely exploitable crash vulnerability was found in the Skinny (SCCP) Channel driver. When an SCCP client sends an Off Hook message, followed by a Key Pad Button Message, a structure that was previously set to NULL is dereferenced. This allows remote authenticated connections the ability to cause a crash in the server, denying services to legitimate users. This issue and its resolution is described in the security advisory. For more information about the details of this vulnerability, please read security advisory AST-2012-009, which was released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.1 The security advisory is available at: * http://downloads.asterisk.org/pub/security/AST-2012-009.pdf Thank you for your continued support of Asterisk! To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.19 pkgsrc/comms/asterisk10/Makefile cvs rdiff -u -r1.13 -r1.14 pkgsrc/comms/asterisk10/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.