./comms/asterisk, The Asterisk Software PBX

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2013Q1, Version: 11.2.2, Package name: asterisk-11.2.2, Maintainer: jnemeth

Asterisk is a complete PBX in software. It provides all of the
features you would expect from a PBX and more. Asterisk does voice
over IP in three protocols, and can interoperate with almost all
standards-based telephony equipment using relatively inexpensive
hardware.

Asterisk provides Voicemail services with Directory, Call Conferencing,
Interactive Voice Response, Call Queuing. It has support for
three-way calling, caller ID services, ADSI, SIP and H.323 (as both
client and gateway).

NOTE: This version does not work with the zaptel drivers. It
requires the newer DAHDI drivers which are still being ported.
So, there is no hardware support available at this moment.


Required to run:
[www/curl] [lang/perl5] [textproc/libxml2] [textproc/iksemel] [audio/speex]

Required to build:
[devel/bison] [devel/gmake] [devel/pkg-config]

Package options: jabber, ldap, speex

Master sites: (Expand)


Version history: (Expand)


CVS history: (Expand)


   2013-04-12 00:12:56 by Matthias Scheler | Files touched by this commit (6) | Package updated
Log message:
Pullup ticket #4116 - requested by jnemeth
comms/asterisk: security update
comms/asterisk10: security update
comms/asterisk18: security update

Revisions pulled up:
- comms/asterisk/Makefile                                       1.84
- comms/asterisk/distinfo                                       1.54
- comms/asterisk10/Makefile                                     1.43
- comms/asterisk10/distinfo                                     1.26
- comms/asterisk18/Makefile                                     1.61
- comms/asterisk18/distinfo                                     1.44

---
   Module Name:    pkgsrc
   Committed By:   jnemeth
   Date:           Wed Apr 10 05:24:39 UTC 2013

   Modified Files:
           pkgsrc/comms/asterisk18: Makefile distinfo

   Log message:
   Update to Asterisk 1.2.20.2: this is a security update which fixes
   AST-2013-001, AST-2013-002, and AST-2013-003.

   The Asterisk Development Team has announced security releases for Certified
   Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
   are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
   and 11.2.2.

   The release of these versions resolve the following issues:

   * A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
     in January of this year, contained a fix for Asterisk's HTTP server for a
     remotely-triggered crash. While the fix prevented the crash from being
     triggered, a denial of service vector still exists with that solution if an
     attacker sends one or more HTTP POST requests with very large Content-Length
     values.

     This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

   * A potential username disclosure exists in the SIP channel driver. When
     authenticating a SIP request with alwaysauthreject enabled, allowguest
     disabled, and autocreatepeer disabled, Asterisk discloses whether a user
     exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.

     This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

   These issues and their resolutions are described in the security advisories.

   For more information about the details of these vulnerabilities, please read
   security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
   released at the same time as this announcement.

   For a full list of changes in the current releases, please see the ChangeLogs:

   http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2

   The security advisories are available at:

    * http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
    * http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
    * http://downloads.asterisk.org/pub/security/AST-2013-003.pdf

   Thank you for your continued support of Asterisk!

---
   Module Name:    pkgsrc
   Committed By:   jnemeth
   Date:           Wed Apr 10 05:27:08 UTC 2013

   Modified Files:
           pkgsrc/comms/asterisk10: Makefile distinfo

   Log message:
   Update to Asterisk 10.12.2:  this is a security update which fixes
   AST-2013-001, AST-2013-002, and AST-2013-003.

   The Asterisk Development Team has announced security releases for Certified
   Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
   are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
   and 11.2.2.

   The release of these versions resolve the following issues:

   * A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
     in January of this year, contained a fix for Asterisk's HTTP server for a
     remotely-triggered crash. While the fix prevented the crash from being
     triggered, a denial of service vector still exists with that solution if an
     attacker sends one or more HTTP POST requests with very large Content-Length
     values.

     This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

   * A potential username disclosure exists in the SIP channel driver. When
     authenticating a SIP request with alwaysauthreject enabled, allowguest
     disabled, and autocreatepeer disabled, Asterisk discloses whether a user
     exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.

     This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

   These issues and their resolutions are described in the security advisories.

   For more information about the details of these vulnerabilities, please read
   security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
   released at the same time as this announcement.

   For a full list of changes in the current releases, please see the ChangeLogs:

   http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2

   The security advisories are available at:

    * http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
    * http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
    * http://downloads.asterisk.org/pub/security/AST-2013-003.pdf

   Thank you for your continued support of Asterisk!

---
   Module Name:    pkgsrc
   Committed By:   jnemeth
   Date:           Wed Apr 10 05:28:56 UTC 2013

   Modified Files:
           pkgsrc/comms/asterisk: Makefile distinfo

   Log message:
   Update to Asterisk 11.2.2:  this is a security update which fixes
   AST-2013-001, AST-2013-002, and AST-213-003.

   The Asterisk Development Team has announced security releases for Certified
   Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
   are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
   and 11.2.2.

   The release of these versions resolve the following issues:

   * A possible buffer overflow during H.264 format negotiation. The format
     attribute resource for H.264 video performs an unsafe read against a media
     attribute when parsing the SDP.

     This vulnerability only affected Asterisk 11.

   * A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
     in January of this year, contained a fix for Asterisk's HTTP server for a
     remotely-triggered crash. While the fix prevented the crash from being
     triggered, a denial of service vector still exists with that solution if an
     attacker sends one or more HTTP POST requests with very large Content-Length
     values.

     This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

   * A potential username disclosure exists in the SIP channel driver. When
     authenticating a SIP request with alwaysauthreject enabled, allowguest
     disabled, and autocreatepeer disabled, Asterisk discloses whether a user
     exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.

     This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

   These issues and their resolutions are described in the security advisories.

   For more information about the details of these vulnerabilities, please read
   security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
   released at the same time as this announcement.

   For a full list of changes in the current releares, please see the ChangeLogs:

   http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2

   The security advisories are available at:

    * http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
    * http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
    * http://downloads.asterisk.org/pub/security/AST-2013-003.pdf

   Thank you for your continued support of Asterisk!