FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6adf6ce0-44a6-11eb-95b7-001999f8d30basterisk -- Remote crash in res_pjsip_diversion

The Asterisk project reports:

AST-2020-003: A crash can occur in Asterisk when a SIP message is received that has a History-Info header, which contains a tel-uri.

AST-2020-004: A crash can occur in Asterisk when a SIP 181 response is received that has a Diversion header, which contains a tel-uri.


Discovery 2020-12-02
Entry 2020-12-22
asterisk13
lt 13.38.1

asterisk16
lt 16.15.1

asterisk18
lt 18.1.1

https://downloads.asterisk.org/pub/security/AST-2020-003.html
https://downloads.asterisk.org/pub/security/AST-2020-004.html
1bb2826b-7229-11eb-8386-001999f8d30basterisk -- Remote Crash Vulnerability in PJSIP channel driver

The Asterisk project reports:

Given a scenario where an outgoing call is placed from Asterisk to a remote SIP server it is possible for a crash to occur.


Discovery 2021-02-08
Entry 2021-02-18
asterisk13
lt 13.38.2

asterisk16
lt 16.16.1

asterisk18
lt 18.2.1

CVE-2021-26906
https://downloads.asterisk.org/pub/security/AST-2021-005.html
9e8f0766-7d21-11eb-a2be-001999f8d30basterisk -- Crash when negotiating T.38 with a zero port

The Asterisk project reports:

When Asterisk sends a re-invite initiating T.38 faxing and the endpoint responds with a m=image line and zero port, a crash will occur in Asterisk. This is a reoccurrence of AST-2019-004.


Discovery 2021-02-20
Entry 2021-03-04
asterisk16
lt 16.16.2

asterisk18
lt 18.2.2

CVE-2019-15297
https://downloads.asterisk.org/pub/security/AST-2021-006.html
e3894955-7227-11eb-8386-001999f8d30basterisk -- Remote crash possible when negotiating T.38

The Asterisk project reports:

When re-negotiating for T.38 if the initial remote response was delayed just enough Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream then Asterisk would crash.


Discovery 2021-02-05
Entry 2021-02-18
asterisk16
ge 16.15.0 lt 16.16.1

asterisk18
ge 18.1.0 lt 18.2.1

CVE-2021-26717
https://downloads.asterisk.org/pub/security/AST-2021-002.html