On 2014/06/12 16:39, Stuart Henderson wrote:
> CVSROOT: /cvs
> Module name: ports
> Changes by: [email protected] 2014/06/12 16:39:12
>
> Modified files:
> telephony/asterisk: Makefile distinfo
> telephony/asterisk/patches: patch-channels_chan_sip_c
> telephony/asterisk/pkg: PLIST-main
>
> Log message:
> SECURITY update to asterisk 11.10.1
>
> - AST-2014-006: MixMonitor manager action allows arbitrary shell commands
> to be called from AMI (management interface) users without having proper
> permissions.
>
> - AST-2014-007: add a timeout to mitigate possible DoS on http interface
> (connecting but making no request ties up a connection)
>
If anyone wants to beat me to a -stable diff, the relevant patches are here:

http://downloads.asterisk.org/pub/security/AST-2014-007-11.diff
http://downloads.asterisk.org/pub/security/AST-2014-006-11.diff

otherwise I'll try and handle that tomorrow.
