CVSROOT:        /cvs
Module name:    ports
Changes by:     st...@cvs.openbsd.org    2018/06/12 09:52:49

Modified files:
        telephony/asterisk: Tag: OPENBSD_6_3 Makefile distinfo
        telephony/asterisk/patches: Tag: OPENBSD_6_3
                patch-build_tools_cflags_xml
                patch-contrib_scripts_ast_coredumper
                patch-third-party_pjproject_source_pjlib_src_pj_ssl_sock_ossl_c
                patch-utils_Makefile
        telephony/asterisk/pkg: Tag: OPENBSD_6_3 PLIST-main
Added files:
        telephony/asterisk/patches: Tag: OPENBSD_6_3
                patch-res_res_pjsip_location_c
                patch-res_res_pjsip_registrar_c
Removed files:
        telephony/asterisk/patches: Tag: OPENBSD_6_3 patch-configure_ac

Log message:
update to asterisk-13.21.1

AST-2018-007: Infinite loop when reading iostreams
When connected to Asterisk via TCP/TLS if the client abruptly disconnects, or
sends a specially crafted message then Asterisk gets caught in an infinite loop
while trying to read the data stream. Thus rendering the system as unusable.

AST-2018-008: PJSIP endpoint presence disclosure when using ACL
When endpoint specific ACL rules block a SIP request they respond with a 403
forbidden. However, if an endpoint is not identified then a 401 unauthorized
response is sent. This vulnerability just discloses which requests hit a
defined endpoint. The ACL rules cannot be bypassed to gain access to the
disclosed endpoints.