Thu Aug 29 03:00:47 2013 UTC
Update to Asterisk 1.8.23.1: this is a security fix release to fix
AST-2013-004 and AST-2013-005.

The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security releases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-digiumphones, and 11.5.1.

The release of these versions resolves the following issues:

* A remotely exploitable crash vulnerability exists in the SIP
  channel driver if an ACK with SDP is received after the channel
  has been terminated.  The handling code incorrectly assumes that
  the channel will always be present.

* A remotely exploitable crash vulnerability exists in the SIP
  channel driver if an invalid SDP is sent in a SIP request that
  defines media descriptions before connection information. The
  handling code incorrectly attempts to reference the socket address
  information even though that information has not yet been set.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.23.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
 * http://downloads.asterisk.org/pub/security/AST-2013-005.pdf

Thank you for your continued support of Asterisk!


(jnemeth)
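The second issue above is a parser reading connection state before it has been set. As an added example (not code from Asterisk or from this commit), the following C check rejects an SDP body in which a media description has no connection information available; the function name `sdp_check`, the result codes and the sample bodies are hypothetical, and the placement rules assumed are those of RFC 4566 (a `c=` line before the first `m=` is session-level, one after an `m=` belongs to that media section).

```c
#include <stdio.h>
#include <string.h>

/* Result codes for sdp_check() (hypothetical names). */
enum { SDP_OK = 0, SDP_MEDIA_WITHOUT_ADDR = 1 };

/* Walk an SDP body line by line and decide, only once each m= section is
 * complete, whether an address is available for it. Code that uses the
 * address should run after this check, never while the m= line is parsed. */
int sdp_check(const char *sdp)
{
    int session_addr = 0;  /* session-level c= seen */
    int in_media = 0;      /* currently inside an m= section */
    int media_addr = 0;    /* media-level c= seen for the current section */
    const char *p = sdp;

    while (*p) {
        size_t len = strcspn(p, "\r\n");
        if (len >= 2 && p[1] == '=') {
            if (p[0] == 'm') {
                /* Close the previous media section before opening a new one. */
                if (in_media && !media_addr && !session_addr)
                    return SDP_MEDIA_WITHOUT_ADDR;
                in_media = 1;
                media_addr = 0;
            } else if (p[0] == 'c') {
                if (in_media) media_addr = 1; else session_addr = 1;
            }
        }
        p += len;
        p += strspn(p, "\r\n");  /* skip the line terminator(s) */
    }
    if (in_media && !media_addr && !session_addr)
        return SDP_MEDIA_WITHOUT_ADDR;
    return SDP_OK;
}

int main(void)
{
    /* Constructed sample: a media description with no c= line anywhere. */
    const char *no_addr = "v=0\r\nm=audio 4000 RTP/AVP 0\r\n";
    printf("no c= line: %d\n", sdp_check(no_addr));
    return 0;
}
```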
diff -r1.72 -r1.73 pkgsrc/comms/asterisk18/Makefile
diff -r1.48 -r1.49 pkgsrc/comms/asterisk18/distinfo

cvs diff -r1.72 -r1.73 pkgsrc/comms/asterisk18/Makefile

--- pkgsrc/comms/asterisk18/Makefile 2013/07/21 17:20:26 1.72
+++ pkgsrc/comms/asterisk18/Makefile 2013/08/29 03:00:47 1.73
@@ -1,19 +1,19 @@ @@ -1,19 +1,19 @@
1# $NetBSD: Makefile,v 1.72 2013/07/21 17:20:26 jnemeth Exp $ 1# $NetBSD: Makefile,v 1.73 2013/08/29 03:00:47 jnemeth Exp $
2# 2#
3# NOTE: when updating this package, there are two places that sound 3# NOTE: when updating this package, there are two places that sound
4# tarballs need to be checked 4# tarballs need to be checked
5 5
6DISTNAME= asterisk-1.8.23.0 6DISTNAME= asterisk-1.8.23.1
7DIST_SUBDIR= ${PKGNAME_NOREV} 7DIST_SUBDIR= ${PKGNAME_NOREV}
8DISTFILES= ${DEFAULT_DISTFILES} 8DISTFILES= ${DEFAULT_DISTFILES}
9EXTRACT_ONLY= ${DISTNAME}.tar.gz 9EXTRACT_ONLY= ${DISTNAME}.tar.gz
10CATEGORIES= comms net audio 10CATEGORIES= comms net audio
11MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \ 11MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \
12 http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \ 12 http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \
13 http://downloads.asterisk.org/pub/telephony/sounds/releases/ 13 http://downloads.asterisk.org/pub/telephony/sounds/releases/
14 14
15OWNER= jnemeth@NetBSD.org 15OWNER= jnemeth@NetBSD.org
16HOMEPAGE= http://www.asterisk.org/ 16HOMEPAGE= http://www.asterisk.org/
17COMMENT= The Asterisk Software PBX 17COMMENT= The Asterisk Software PBX
18LICENSE= gnu-gpl-v2 18LICENSE= gnu-gpl-v2
19 19
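
Review bot: the NOTE on lines 3-4 says two places holding sound tarballs need to be checked on every update, but the only change here is the DISTNAME bump on line 6; please state in the commit message that both places were checked and that no sound tarball changed for 1.8.23.1. Also, every MASTER_SITES entry on lines 11-13 is plain http, so the distinfo checksums are the only integrity control on the fetched security release.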

cvs diff -r1.48 -r1.49 pkgsrc/comms/asterisk18/distinfo

--- pkgsrc/comms/asterisk18/distinfo 2013/07/21 17:20:26 1.48
+++ pkgsrc/comms/asterisk18/distinfo 2013/08/29 03:00:47 1.49
@@ -1,21 +1,21 @@ @@ -1,21 +1,21 @@
1$NetBSD: distinfo,v 1.48 2013/07/21 17:20:26 jnemeth Exp $ 1$NetBSD: distinfo,v 1.49 2013/08/29 03:00:47 jnemeth Exp $
2 2
3SHA1 (asterisk-1.8.23.0/asterisk-1.8.23.0.tar.gz) = 7e92a8e86b78e5c0e27d247ea8ea671cae74c829 3SHA1 (asterisk-1.8.23.1/asterisk-1.8.23.1.tar.gz) = 73397fa1a6b4a3cd52e0a3cd4488bfeaea4dcf0c
4RMD160 (asterisk-1.8.23.0/asterisk-1.8.23.0.tar.gz) = cdc9d21b02358468445bc9608b177e45adff8b97 4RMD160 (asterisk-1.8.23.1/asterisk-1.8.23.1.tar.gz) = ef0dda15a243f72d19dd56eb5e0f96ddd33852e7
5Size (asterisk-1.8.23.0/asterisk-1.8.23.0.tar.gz) = 25278124 bytes 5Size (asterisk-1.8.23.1/asterisk-1.8.23.1.tar.gz) = 25270506 bytes
6SHA1 (asterisk-1.8.23.0/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 3aac6cf4a07cb2644b7b5369c618b07561619f9f 6SHA1 (asterisk-1.8.23.1/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 3aac6cf4a07cb2644b7b5369c618b07561619f9f
7RMD160 (asterisk-1.8.23.0/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 5dc9696c54d2233cf74835fe7ccd2c1791f20041 7RMD160 (asterisk-1.8.23.1/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 5dc9696c54d2233cf74835fe7ccd2c1791f20041
8Size (asterisk-1.8.23.0/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 4407925 bytes 8Size (asterisk-1.8.23.1/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 4407925 bytes
9SHA1 (patch-aa) = 832f1c043b15198e0a286094dd0cc1a251bcfed0 9SHA1 (patch-aa) = 832f1c043b15198e0a286094dd0cc1a251bcfed0
10SHA1 (patch-af) = 19786616bb606c38f769ec85f2e4d118573659ab 10SHA1 (patch-af) = 19786616bb606c38f769ec85f2e4d118573659ab
11SHA1 (patch-ai) = e92edab5c1ff323478f41d0b0783102ed527fe39 11SHA1 (patch-ai) = e92edab5c1ff323478f41d0b0783102ed527fe39
12SHA1 (patch-ak) = f8d5de733807bc6c0701886a3095901d6815a8bd 12SHA1 (patch-ak) = f8d5de733807bc6c0701886a3095901d6815a8bd
13SHA1 (patch-al) = b2a1134786d7c3b118ee8c47892f91dd2a4c783a 13SHA1 (patch-al) = b2a1134786d7c3b118ee8c47892f91dd2a4c783a
14SHA1 (patch-am) = 5f9cbf47ec1cb66758492a5ed1bf843006eae9b7 14SHA1 (patch-am) = 5f9cbf47ec1cb66758492a5ed1bf843006eae9b7
15SHA1 (patch-an) = 93a5df66fd6459fb76e9191dc3bf37b9ee5483b5 15SHA1 (patch-an) = 93a5df66fd6459fb76e9191dc3bf37b9ee5483b5
16SHA1 (patch-ao) = aa95464a8bd4a417f313541b465142d2e4c3ee47 16SHA1 (patch-ao) = aa95464a8bd4a417f313541b465142d2e4c3ee47
17SHA1 (patch-ap) = bfb7b15224571f86a78fa7787f29002eb0c5d352 17SHA1 (patch-ap) = bfb7b15224571f86a78fa7787f29002eb0c5d352
18SHA1 (patch-aq) = ac3e937c5ec1f2b8edd7343d47247274e0dae8c7 18SHA1 (patch-aq) = ac3e937c5ec1f2b8edd7343d47247274e0dae8c7
19SHA1 (patch-ar) = 04c76c54d3962a4eae5bc69bf946fc8ea2c3427f 19SHA1 (patch-ar) = 04c76c54d3962a4eae5bc69bf946fc8ea2c3427f
20SHA1 (patch-as) = b2e1aadf49f20506243ab40796f15aab12d95bad 20SHA1 (patch-as) = b2e1aadf49f20506243ab40796f15aab12d95bad
21SHA1 (patch-at) = df318d7b492121ff6f766b0e6ea73415293e96f0 21SHA1 (patch-at) = df318d7b492121ff6f766b0e6ea73415293e96f0
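
Review bot: the new asterisk-1.8.23.1.tar.gz entry on lines 3-5 is covered only by SHA1, RMD160 and Size, and the Makefile fetches it over http; consider recording a stronger digest such as SHA512 alongside them, and cross-check the new values against a checksum or signature published by upstream if one is available. The asterisk-extra-sounds-en-gsm-1.4.13.tar.gz entries on lines 6-8 change only their directory prefix and keep the same hashes and size, which matches DIST_SUBDIR= ${PKGNAME_NOREV}, and the patch-* hashes on lines 9-21 are unchanged, so no local patch needed regeneration.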