CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2012/03/16 04:28:48
Modified files:
telephony/asterisk: Tag: OPENBSD_5_0 Makefile
Added files:
telephony/asterisk/patches: Tag: OPENBSD_5_0
patch-apps_app_milliwatt_c
patch-main_utils_c
Log message:
add upstream patches to asterisk in 5.0-stable to fix recent security problems:
AST-2012-002: stack buffer overflow (remote unauthenticated sessions).
requires a dialplan using the Milliwatt application with the 'o' option,
and internal_timing off. Affects all 1.4+ Asterisk versions.
AST-2012-003: stack buffer overflow (remote unauth'd sessions) in HTTP
manager interface; triggered by long digest authentication strings.
Code injection possibility. Affects 1.8+.
