CVSROOT:        /cvs
Module name:    ports
Changes by:     st...@cvs.openbsd.org   2012/04/11 09:12:47

Modified files:
        telephony/asterisk: Tag: OPENBSD_5_1 Makefile distinfo 
        telephony/asterisk/patches: Tag: OPENBSD_5_1 patch-bootstrap_sh 
                                    patch-channels_chan_unistim_c 
                                    patch-configure_ac 
        telephony/asterisk/pkg: Tag: OPENBSD_5_1 DESCR-main PLIST-main 
Added files:
        telephony/asterisk/patches: Tag: OPENBSD_5_1 
                                    patch-addons_chan_ooh323_c 
                                    patch-addons_chan_ooh323_h 
                                    patch-pbx_pbx_spool_c 
Removed files:
        telephony/asterisk/patches: Tag: OPENBSD_5_1 
                                    patch-channels_h323_ast_h323_cxx 
                                    patch-channels_h323_ast_h323_h 
                                    patch-main_asterisk_c 

Log message:
MFC update to asterisk 1.8.11.0, relative to previous version this
includes fixes for various crash/deadlock problems and the following
SECURITY problems:

AST-2012-002: stack buffer overflow (remote unauthenticated sessions).
requires a dialplan using the Milliwatt application with the 'o' option,
and internal_timing off.  Affects all 1.4+ Asterisk versions.

AST-2012-003: stack buffer overflow (remote unauth'd sessions) in HTTP
manager interface; triggered by long digest authentication strings.
Code injection possibility.  Affects 1.8+.

Reply via email to