+*asterisk-12.1.1 (11 Mar 2014)
+*asterisk-11.8.1 (11 Mar 2014)
+*asterisk-126.96.36.199 (11 Mar 2014)
+ 11 Mar 2014; Tony Vroon <firstname.lastname@example.org> -asterisk-188.8.131.52.ebuild,
+ +asterisk-184.108.40.206.ebuild, -asterisk-11.7.0-r1.ebuild,
+ -asterisk-11.8.0.ebuild, +asterisk-11.8.1.ebuild, -asterisk-12.0.0.ebuild,
+ -asterisk-12.1.0.ebuild, +asterisk-12.1.1.ebuild:
+ New releases in all three branches to address a stack overflow in HTTP cookie
+ header processing, a file descriptor exhaustion through session timers in
+ chan_sip and two remote crashes in PJSIP (12 branch only). Removed all
+ vulnerable non-stable ebuilds. Upstream vulnerability reports AST-2014-001,
+ 002, 003 & 004.
Arches, please test and mark stable:
The following branch is masked and has no stable ebuilds:
The following vulnerable ebuilds should be removed after security stabling:
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Clean-up by ago is complete, secure ebuilds on all three branches. Please proceed with GLSA decision process.
Thanks everyone. GLSA request filed.
res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open
Source 12.x before 12.1.0 allows remote authenticated users to cause a
denial of service (crash) via a SUBSCRIBE request without any Accept
headers, which triggers an invalid pointer dereference.
Lowering vulnerability score, due to all of the specified vulnerabilities are classified as Denial of Service by upstream
This issue was resolved and addressed in
GLSA 201405-05 at http://security.gentoo.org/glsa/glsa-201405-05.xml
by GLSA coordinator Sergey Popov (pinkbyte).