Date: Wed, 14 Nov 2018 17:54:24 +0000 (UTC) From: Guido Falsi <madpilot@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r484934 - head/security/vuxml Message-ID: <201811141754.wAEHsOdE049064@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: madpilot Date: Wed Nov 14 17:54:24 2018 New Revision: 484934 URL: https://svnweb.freebsd.org/changeset/ports/484934 Log: Document recent asterisk vulneraability. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Nov 14 16:03:21 2018 (r484933) +++ head/security/vuxml/vuln.xml Wed Nov 14 17:54:24 2018 (r484934) @@ -58,6 +58,39 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="c6fb2734-e835-11e8-b14b-001999f8d30b"> + <topic>asterisk -- Remote crash vulnerability DNS SRV and NAPTR lookups</topic> + <affects> + <package> + <name>asterisk15</name> + <range><lt>15.6.1</lt></range> + </package> + <package> + <name>asterisk16</name> + <range><lt>16.0.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The Asterisk project reports:</p> + <blockquote cite="http://www.asterisk.org/downloads/security-advisories">; + <p>There is a buffer overflow vulnerability in dns_srv + and dns_naptr functions of Asterisk that allows an attacker + to crash Asterisk via a specially crafted DNS SRV or NAPTR + response. The attackers request causes Asterisk to segfault + and crash.</p> + </blockquote> + </body> + </description> + <references> + <url>https://downloads.asterisk.org/pub/security/AST-2018-010.html</url>; + </references> + <dates> + <discovery>2018-10-23</discovery> + <entry>2018-11-14</entry> + </dates> + </vuln> + <vuln vid="b69292e8-e798-11e8-ae07-6451062f0f7a"> <topic>Flash Player -- information disclosure</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201811141754.wAEHsOdE049064>