]> rtime.felk.cvut.cz Git - coffee/buildroot.git/commit
projects / coffee / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a24ed41) | patch
asterisk: security bump to version 14.7.5
authorPeter Korsgaard <peter@korsgaard.com>
Mon, 8 Jan 2018 10:08:15 +0000 (11:08 +0100)
committerThomas Petazzoni <thomas.petazzoni@free-electrons.com>
Mon, 8 Jan 2018 19:56:46 +0000 (20:56 +0100)
commit4f13dc362d5c9c63fb5a21ede7cf902c1281cef0
tree256094b8e8adb7e55601f834a3593c0fc65a6031tree | snapshot
parenta24ed4127eafa8d2f1bea13142f5632f4c62031fcommit | diff
asterisk: security bump to version 14.7.5

Fixes the following security issues:

* AST-2017-014: Crash in PJSIP resource when missing a contact header A
  select set of SIP messages create a dialog in Asterisk.  Those SIP
  messages must contain a contact header.  For those messages, if the header
  was not present and using the PJSIP channel driver, it would cause
  Asterisk to crash.  The severity of this vulnerability is somewhat
  mitigated if authentication is enabled.  If authentication is enabled a
  user would have to first be authorized before reaching the crash point.

For more details, see the announcement:
https://www.asterisk.org/downloads/asterisk-news/asterisk-13185-1475-1515-and-1318-cert2-now-available-security

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
package/asterisk/asterisk.hash diff | blob | history
package/asterisk/asterisk.mk diff | blob | history