ports/117270: [UPDATE] net/asterisk-addons to 1.4.4
Vladimir Korkodinov
viper at perm.raid.ru
Wed Oct 17 12:40:01 UTC 2007
>Number: 117270
>Category: ports
>Synopsis: [UPDATE] net/asterisk-addons to 1.4.4
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 17 12:40:01 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator: Vladimir Korkodinov
>Release: 6.2-STABLE
>Organization:
>Environment:
FreeBSD monitor4 6.2-STABLE FreeBSD 6.2-STABLE #3: Mon Oct 15 16:34:50 YEKST 2007 root at monitor4:/usr/obj/usr/src/sys/viper2 i386
>Description:
Here is a patch to update net/asterisk-addons to 1.4.4.
It corrects the bug (http://downloads.digium.com/pub/asa/AST-2007-023.pdf)
"Asterisk Project Security Advisory - AST-2007-023
Susceptibility | Remote Unauthenticated Sessions
Description
The source and destination numbers for a given call are
not correctly escaped by the cdr_addon_mysql module when
inserting a record. Therefore, a carefully crafted
destination number sent to an Asterisk system running
cdr_addon_mysql could escape out of a SQL data field and
create another query. This vulnerability is made all the
more severe if a user were using realtime data, since
the data may exist in the same database as the inserted
call detail record, thus creating all sorts of possible
data corruption and invalidation issues."
>How-To-Repeat:
>Fix:
Apply patch
Patch attached with submission follows:
diff -ruN asterisk-addons.old/Makefile asterisk-addons/Makefile
--- asterisk-addons.old/Makefile 2007-07-28 15:16:08.000000000 +0600
+++ asterisk-addons/Makefile 2007-10-17 17:36:19.000000000 +0600
@@ -6,7 +6,7 @@
#
PORTNAME= asterisk-addons
-PORTVERSION= 1.4.2
+PORTVERSION= 1.4.4
CATEGORIES= net
MASTER_SITES= http://ftp.digium.com/pub/asterisk/releases/
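Review bot: The PORTVERSION bump to 1.4.4 is the fix for AST-2007-023, but nothing in the patch records that for users who still have 1.4.2 installed. Suggest pairing the commit with a security/vuxml entry for the affected versions and naming the advisory in the commit message, so the reason for the update is searchable and existing installs get flagged.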
diff -ruN asterisk-addons.old/distinfo asterisk-addons/distinfo
--- asterisk-addons.old/distinfo 2007-07-06 08:24:25.000000000 +0600
+++ asterisk-addons/distinfo 2007-10-17 17:36:26.000000000 +0600
@@ -1,3 +1,3 @@
-MD5 (asterisk-addons-1.4.2.tar.gz) = c080b02e6ddc81dab6a64691af890805
-SHA256 (asterisk-addons-1.4.2.tar.gz) = 6d12a1a73cfe0cb14c960e422d0d3c261740857d2a86785f08cf89d44574cc82
-SIZE (asterisk-addons-1.4.2.tar.gz) = 1000286
+MD5 (asterisk-addons-1.4.4.tar.gz) = a25f4908ea122eeee4df7e0697fe5dfb
+SHA256 (asterisk-addons-1.4.4.tar.gz) = 888fe9ac84862b887e78f8ec4a83bc891897702ab123f05309ff117e55b6645b
+SIZE (asterisk-addons-1.4.4.tar.gz) = 1002173
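Review bot: The new MD5, SHA256 and SIZE lines are the only integrity check on asterisk-addons-1.4.4.tar.gz, which the Makefile's MASTER_SITES fetches over plain http. Before commit, regenerate distinfo from an independently fetched copy of the tarball and confirm that all three values match the ones submitted here.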
>Release-Note:
>Audit-Trail:
>Unformatted: