CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2019/07/12 09:58:44
Modified files:
telephony/asterisk: Tag: OPENBSD_6_5 Makefile distinfo
telephony/asterisk/patches: Tag: OPENBSD_6_5
patch-build_tools_cflags_xml
patch-res_res_odbc_c
patch-res_res_pjsip_pjsip_options_c
patch-res_res_pjsip_registrar_c
patch-third-party_pjproject_Makefile
telephony/asterisk/pkg: Tag: OPENBSD_6_5 PLIST-main
Log message:
MFC update to asterisk-16.4.1
AST-2019-002: Remote crash vulnerability with MESSAGE messages:
A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.
AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver:
When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an
endpoint to switch it to T.38. If the endpoint responds with an improperly
formatted SDP answer including both a T.38 UDPTL stream and an audio or video
stream containing only codecs not allowed on the SIP peer or user a crash will
occur. The code incorrectly assumes that there will be at least one common
codec when T.38 is also in the SDP answer.
