Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 21 Nov 2014 11:07:00 +0000 (UTC)
From:      Guido Falsi <madpilot@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r372986 - head/security/vuxml
Message-ID:  <201411211107.sALB70C0009790@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: madpilot
Date: Fri Nov 21 11:06:59 2014
New Revision: 372986
URL: https://svnweb.freebsd.org/changeset/ports/372986
QAT: https://qat.redports.org/buildarchive/r372986/

Log:
  Document multiple vulnerabilities in asterisk ports.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Nov 21 10:06:38 2014	(r372985)
+++ head/security/vuxml/vuln.xml	Fri Nov 21 11:06:59 2014	(r372986)
@@ -57,6 +57,68 @@ Notes:
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="7bfd797c-716d-11e4-b008-001999f8d30b">
+    <topic>asterisk -- Multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>asterisk11</name>
+	<range><lt>11.14.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The Asterisk project reports:</p>
+	<blockquote cite="http://www.asterisk.org/downloads/security-advisories">;
+	  <p>AST-2014-014 - High call load may result in hung
+	  channels in ConfBridge.</p>
+	  <p>AST-2014-017 - Permission escalation through ConfBridge
+	  actions/dialplan functions.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://downloads.asterisk.org/pub/security/AST-2014-014.html</url>;
+      <url>http://downloads.asterisk.org/pub/security/AST-2014-017.html</url>;
+    </references>
+    <dates>
+      <discovery>2014-11-21</discovery>
+      <entry>2014-11-21</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a92ed304-716c-11e4-b008-001999f8d30b">
+    <topic>asterisk -- Multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>asterisk</name>
+	<range><lt>1.8.32.1</lt></range>
+      </package>
+      <package>
+	<name>asterisk11</name>
+	<range><lt>11.14.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The Asterisk project reports:</p>
+	<blockquote cite="https://www.asterisk.org/security">;
+	  <p>AST-2014-012 - Mixed IP address families in access
+	  control lists may permit unwanted traffic.</p>
+	  <p>AST-2014-018 - AMI permission escalation through DB
+	  dialplan function.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://downloads.asterisk.org/pub/security/AST-2014-012.html</url>;
+      <url>http://downloads.asterisk.org/pub/security/AST-2014-018.html</url>;
+    </references>
+    <dates>
+      <discovery>2014-11-21</discovery>
+      <entry>2014-11-21</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="a5d4a82a-7153-11e4-88c7-6805ca0b3d42">
     <topic>phpMyAdmin -- XSS and information disclosure vulnerabilities</topic>
     <affects>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201411211107.sALB70C0009790>