rpms/asterisk/F-11 .cvsignore, 1.27, 1.28 Makefile, 1.3, 1.4 asterisk.spec, 1.60, 1.61 sources, 1.28, 1.29

Jeffrey C. Ollie jcollie at fedoraproject.org
Tue Mar 2 16:54:12 UTC 2010


Author: jcollie

Update of /cvs/pkgs/rpms/asterisk/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21049

Modified Files:
	.cvsignore Makefile asterisk.spec sources 
Log Message:
* Mon Mar  1 2010 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.6.1.17-1
- Update to 1.6.1.17
- 
- * AST-2010-003: Invalid parsing of ACL rules can compromise security
- * AST-2010-002: This security release is intended to raise awareness
-   of how it is possible to insert malicious strings into dialplans,
-   and to advise developers to read the best practices documents so
-   that they may easily avoid these dangers.
- * AST-2010-001: An attacker attempting to negotiate T.38 over SIP can
-   remotely crash Asterisk by modifying the FaxMaxDatagram field of 
-   the SDP to contain either a negative or exceptionally large value.
-   The same crash occurs when the FaxMaxDatagram field is omitted from 
-   the SDP as well.



Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/asterisk/F-11/.cvsignore,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -p -r1.27 -r1.28
--- .cvsignore	8 Jan 2010 17:36:59 -0000	1.27
+++ .cvsignore	2 Mar 2010 16:54:12 -0000	1.28
@@ -1,2 +1,2 @@
-asterisk-1.6.1.12.tar.gz
-asterisk-1.6.1.12.tar.gz.asc
+asterisk-1.6.1.17.tar.gz
+asterisk-1.6.1.17.tar.gz.asc




Index: asterisk.spec
===================================================================
RCS file: /cvs/pkgs/rpms/asterisk/F-11/asterisk.spec,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -p -r1.60 -r1.61
--- asterisk.spec	8 Jan 2010 17:37:00 -0000	1.60
+++ asterisk.spec	2 Mar 2010 16:54:12 -0000	1.61
@@ -1,7 +1,7 @@
 #define _rc 2
 Summary: The Open Source PBX
 Name: asterisk
-Version: 1.6.1.12
+Version: 1.6.1.17
 Release: 1%{?_rc:.rc%{_rc}}%{?dist}
 License: GPLv2
 Group: Applications/Internet
@@ -67,7 +67,7 @@ Requires: latex2html
 
 # asterisk-conference package removed since patch no longer compiles
 Obsoletes: asterisk-conference <= 1.6.0-0.14.beta9
-Obsoletes: asterisk-mobile < 1.6.1.0-1
+Obsoletes: asterisk-mobile <= 1.6.1-0.23.rc1
 Obsoletes: asterisk-firmware < 1.6.1.9-1
 
 %description
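Review bot: The asterisk-mobile Obsoletes bound changes from `< 1.6.1.0-1` to `<= 1.6.1-0.23.rc1`, but neither the log message nor the new 1.6.1.17-1 changelog entry mentions it. Add a changelog line for the change and state why the bound moved. The new bound is a pre-release build and looks narrower than the old one, so please confirm that 0.23.rc1 was the last asterisk-mobile build shipped and that no later build is left installed without being obsoleted.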
@@ -991,9 +991,22 @@ fi
 %{_libdir}/asterisk/modules/app_voicemail_plain.so
 
 %changelog
+* Mon Mar  1 2010 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.6.1.17-1
+- Update to 1.6.1.17
+- 
+- * AST-2010-003: Invalid parsing of ACL rules can compromise security
+- * AST-2010-002: This security release is intended to raise awareness
+-   of how it is possible to insert malicious strings into dialplans,
+-   and to advise developers to read the best practices documents so
+-   that they may easily avoid these dangers.
+- * AST-2010-001: An attacker attempting to negotiate T.38 over SIP can
+-   remotely crash Asterisk by modifying the FaxMaxDatagram field of 
+-   the SDP to contain either a negative or exceptionally large value.
+-   The same crash occurs when the FaxMaxDatagram field is omitted from 
+-   the SDP as well.
+
 * Mon Dec 21 2009 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.6.1.12-1
 - Update to 1.6.1.12
-- Fix obsoletes for asterisk-mobile
 
 * Mon Nov 30 2009 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.6.1.11-1
 - Update to 1.6.1.11 to fix AST-2009-010/CVE-2009-4055
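Review bot: The removed line `- Fix obsoletes for asterisk-mobile` edits the already-dated 1.6.1.12-1 entry in the same commit that changes the asterisk-mobile Obsoletes line. Leave the older entry as it was and record the Obsoletes change under the new 1.6.1.17-1 entry instead. In the new entry the advisories are listed by AST id only, while the 1.6.1.11-1 entry below pairs the AST id with a CVE id; add the CVE ids if any have been assigned so the fixes can be matched by vulnerability scanners. The bare `- ` line and the `- *` nested bullets could also be flattened to one `-` item per advisory.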


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/asterisk/F-11/sources,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -p -r1.28 -r1.29
--- sources	8 Jan 2010 17:37:00 -0000	1.28
+++ sources	2 Mar 2010 16:54:12 -0000	1.29
@@ -1,2 +1,2 @@
-d6bc1448b8fa274a2acaef1b15f4d485  asterisk-1.6.1.12.tar.gz
-979da3e2e0a11824298c2af332b9c9e7  asterisk-1.6.1.12.tar.gz.asc
+969b9a63e3b20e22c8b3b38510aca95b  asterisk-1.6.1.17.tar.gz
+e0f910332100c712979be2743e5b9f82  asterisk-1.6.1.17.tar.gz.asc
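Review bot: The two added `sources` entries are 32-hex-digit digests, so they only show that the lookaside copy matches what the packager uploaded, not that the upload matches upstream's release. Since `asterisk-1.6.1.17.tar.gz.asc` is carried alongside the tarball, say in the log message that the signature was checked against the upstream signing key before upload, or verify it during the build if the spec does not already do so. That matters more than usual here because this update ships three security advisories.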


