[Buildroot] [PATCH] asterisk: security bump to version 14.7.5
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Mon Jan 8 19:59:26 UTC 2018
Hello,
On Mon, 8 Jan 2018 11:08:15 +0100, Peter Korsgaard wrote:
> Fixes the following security issues:
>
> * AST-2017-014: Crash in PJSIP resource when missing a contact header A
> select set of SIP messages create a dialog in Asterisk. Those SIP
> messages must contain a contact header. For those messages, if the header
> was not present and using the PJSIP channel driver, it would cause
> Asterisk to crash. The severity of this vulnerability is somewhat
> mitigated if authentication is enabled. If authentication is enabled a
> user would have to first be authorized before reaching the crash point.
>
> For more details, see the announcement:
> https://www.asterisk.org/downloads/asterisk-news/asterisk-13185-1475-1515-and-1318-cert2-now-available-security
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> package/asterisk/asterisk.hash | 2 +-
> package/asterisk/asterisk.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
More information about the buildroot
mailing list