diff --git a/.gitignore b/.gitignore index b4da8e1..bfbf0a0 100644 --- a/.gitignore +++ b/.gitignore @@ -40,3 +40,5 @@ asterisk-1.8.0-beta3.tar.gz.asc /asterisk-1.8.3.3.tar.gz.asc /asterisk-1.8.4.2.tar.gz /asterisk-1.8.4.2.tar.gz.asc +/asterisk-1.8.4.3.tar.gz +/asterisk-1.8.4.3.tar.gz.asc diff --git a/asterisk.spec b/asterisk.spec index a0092b0..97da0a7 100644 --- a/asterisk.spec +++ b/asterisk.spec @@ -2,8 +2,8 @@ #global _beta 5 Summary: The Open Source PBX Name: asterisk -Version: 1.8.4.2 -Release: 2%{?_rc:.rc%{_rc}}%{?_beta:.beta%{_beta}}%{?dist} +Version: 1.8.4.3 +Release: 1%{?_rc:.rc%{_rc}}%{?_beta:.beta%{_beta}}%{?dist} License: GPLv2 Group: Applications/Internet URL: http://www.asterisk.org/ @@ -1210,6 +1210,54 @@ fi %{_libdir}/asterisk/modules/app_voicemail_plain.so %changelog +* Fri Jun 24 2011 Jeffrey C. Ollie - 1.8.4.3-1 +- The Asterisk Development Team has announced the release of Asterisk versions +- 1.4.41.1, 1.6.2.18.1, and 1.8.4.3, which are security releases. +- +- These releases are available for immediate download at +- http://downloads.asterisk.org/pub/telephony/asterisk/releases +- +- The release of Asterisk 1.4.41.1, 1.6.2.18, and 1.8.4.3 resolves several issues +- as outlined below: +- +- * AST-2011-008: If a remote user sends a SIP packet containing a null, +- Asterisk assumes available data extends past the null to the +- end of the packet when the buffer is actually truncated when +- copied. This causes SIP header parsing to modify data past +- the end of the buffer altering unrelated memory structures. +- This vulnerability does not affect TCP/TLS connections. +- -- Resolved in 1.6.2.18.1 and 1.8.4.3 +- +- * AST-2011-009: A remote user sending a SIP packet containing a Contact header +- with a missing left angle bracket (<) causes Asterisk to +- access a null pointer. +- -- Resolved in 1.8.4.3 +- +- * AST-2011-010: A memory address was inadvertently transmitted over the +- network via IAX2 via an option control frame and the remote party would try +- to access it. +- -- Resolved in 1.4.41.1, 1.6.2.18.1, and 1.8.4.3 +- +- The issues and resolutions are described in the AST-2011-008, AST-2011-009, and +- AST-2011-010 security advisories. +- +- For more information about the details of these vulnerabilities, please read +- the security advisories AST-2011-008, AST-2011-009, and AST-2011-010, which were +- released at the same time as this announcement. +- +- For a full list of changes in the current releases, please see the ChangeLog: +- +- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.41.1 +- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.18.1 +- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.4.3 +- +- Security advisories AST-2011-008, AST-2011-009, and AST-2011-010 are available +- at: +- +- http://downloads.asterisk.org/pub/security/AST-2011-008.pdf +- http://downloads.asterisk.org/pub/security/AST-2011-009.pdf +- http://downloads.asterisk.org/pub/security/AST-2011-010.pdf + * Tue Jun 21 2011 Jeffrey C. Ollie - 1.8.4.2-2 - Convert to systemd diff --git a/sources b/sources index edf6f0c..6f59124 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -930ce297119e9feb201779d524653371 asterisk-1.8.4.2.tar.gz -6a694b967a5cc6cdb5b5a34ed97c2a3a asterisk-1.8.4.2.tar.gz.asc +bae6240682736ebbcd3596bc6cc1ad14 asterisk-1.8.4.3.tar.gz +7fbeb8063157220da4a473505e4f617d asterisk-1.8.4.3.tar.gz.asc