diff options
| author |   Tony Vroon <chainsaw@gentoo.org> | 2018-10-17 09:26:36 +0100 |
|---|---|---|
| committer | Tony Vroon <chainsaw@gentoo.org> | 2018-10-17 09:29:28 +0100 |
| commit | 8979cd86bc10fb98bb70fc9a710d17912af73982 (patch) | |
| tree | 94730ce52dbfec2ec9460768c3e9c6b51f2d4a34 /net-misc/asterisk/Manifest | |
| parent | www-apps/grafana-bin: Add v5.3.1, remove v5.2.3 (diff) | |
| download | gentoo-8979cd86bc10fb98bb70fc9a710d17912af73982.tar.gz gentoo-8979cd86bc10fb98bb70fc9a710d17912af73982.tar.bz2 gentoo-8979cd86bc10fb98bb70fc9a710d17912af73982.zip | |
net-misc/asterisk: CVE-2018-12227, CVE-2018-17281
Version bump to 13.23.1 to address 2 security vulnerabilities.
CVE-2018-12227: PJSIP information disclosure
SIP requests blocked by ACL respond 403 for an endpoint that
exists and 401 for an endpoint that does not, allowing an
attacker to identify valid accounts.
CVE-2018-17281: HTTP websocket stack overflow
An attacker can exhaust available stack space and crash the
running Asterisk instance by sending a specially crafted HTTP
request to res_http_websocket.so
Bug: https://bugs.gentoo.org/668848
Signed-Off-By: Tony Vroon <chainsaw@gentoo.org>
Package-Manager: Portage-2.3.49, Repoman-2.3.11
Diffstat (limited to 'net-misc/asterisk/Manifest')
| -rw-r--r-- | net-misc/asterisk/Manifest | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net-misc/asterisk/Manifest b/net-misc/asterisk/Manifest index cbfd28fd353c..b5607f685a22 100644 --- a/net-misc/asterisk/Manifest +++ b/net-misc/asterisk/Manifest @@ -5,5 +5,6 @@ DIST asterisk-13.19.2.tar.gz 32991960 BLAKE2B 3b1f731fb68e2d455bfc76e863a8abbd89 DIST asterisk-13.20.0.tar.gz 32986236 BLAKE2B bc634d93ce4d0a6b524554fa35845a2f289035aea9e7da3098517cdd6d2c85c94482d393276937ea0bc7064260835757e5ffc048f10ea73ba9c0525fd1cf0457 SHA512 de3e740b0dc5bc90806282cbe16f5ec6d151c4a7520b965e6ed30e3cd88d3dc8aca1994c7ae929c039ad755688af6f09a825b665665aacb10cf2566eaa270ca5 DIST asterisk-13.21.0.tar.gz 32998111 BLAKE2B 7119c541efe80435db6b39571e25e24159b3929f075bd7fd8b1e3260a309bf1ab03599a79aea7d47c429af7e1553d1d89f348c55022e359a43b3fb98ee94882d SHA512 05b10017429a5c339bd50f7576e3198ffd6a71d698f7ad3f604d3e87b76f86da59841bad583c3d979e6e1b7a9fe9fba432c2a9c5faaa1e4dc48003228c637110 DIST asterisk-13.22.0.tar.gz 33036487 BLAKE2B 09febd1d9ca875b532dffb7e2be5bda0aa9b2aac22d39a28ee3270d5bcb46f56946549aa5d7c8159c00fdb5a7f36e6f5466d6ebfc93f39cb65276efe0bee52b9 SHA512 eb5416d6911aac474c4a1532b1452b0d05359e4150b2e03ba8ac7d5f5f8bfc837a1640fcf26dfa8452b3a738af37e5659f5db6680c16d3ff1ee6c785864c5d5c +DIST asterisk-13.23.1.tar.gz 33064056 BLAKE2B 7f531766df5f2db29b562e7c7d4e265d5cf610f192188691279c0294195b835bb62beef19d7e9554862e6b44764064b21d50a3e307bbf85dd12b67a2df8be459 SHA512 227bfc80b2e6382019d608296c4e1c8e992ba867636fa2c8ee578d0aa406b8828bf7962b24035d9b581c433afd18be7cbe98eb954112661b9759b6296ee686dd DIST gentoo-asterisk-patchset-3.17.tar.bz2 5074 BLAKE2B 3c945e77b54b2449253acb9fcea8d289a7a3184729190622c14aff5557d36c93556efa83320fe4e7ae84021960c09f35ae9f997e8015706eef933aae2948309e SHA512 37f86f3c699b2643afd8080391e817a282571694bb56e00efd0734918dbc33d6c12a2463dbc24667597420863b4f506870140fbb8ef3f1700124ef790ae7252d DIST gentoo-asterisk-patchset-4.07.tar.bz2 2471 BLAKE2B d9026e7e8c12431496c24f204d117ed715741623195af10c838ec3ac5ce6a26fbb2d76d4c45c538881b532084e2ce74d2de83a27a0abaa5f65791be91416ef6d SHA512 73a9f92e6a737687c311941100c45bbc573f54fa79d0284318996c0d70274a4d2218693406d71b371496d27123d4d99bbc159974388e6547a682c06084d3b4c5 |