[asterisk] 10.3.1
Jeffrey C. Ollie
jcollie at fedoraproject.org
Tue Apr 24 15:19:47 UTC 2012
commit 1c8082c22a653cdcb39c09209036a445eaa4b06d
Author: Jeffrey C. Ollie <jeff at ocjtech.us>
Date: Tue Apr 24 10:19:38 2012 -0500
10.3.1
.gitignore | 2 ++
asterisk.spec | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++-
sources | 4 ++--
3 files changed, 54 insertions(+), 3 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 0d6e2a8..937f627 100644
--- a/.gitignore
+++ b/.gitignore
@@ -66,3 +66,5 @@ asterisk-1.8.0-beta3.tar.gz.asc
/asterisk-10.2.1.tar.gz.asc
/asterisk-10.3.0.tar.gz
/asterisk-10.3.0.tar.gz.asc
+/asterisk-10.3.1.tar.gz
+/asterisk-10.3.1.tar.gz.asc
diff --git a/asterisk.spec b/asterisk.spec
index 497809b..e286152 100644
--- a/asterisk.spec
+++ b/asterisk.spec
@@ -28,7 +28,7 @@
Summary: The Open Source PBX
Name: asterisk
-Version: 10.3.0
+Version: 10.3.1
Release: 1%{?_rc:.rc%{_rc}}%{?_beta:.beta%{_beta}}%{?dist}
License: GPLv2
Group: Applications/Internet
@@ -1377,6 +1377,55 @@ fi
%{_libdir}/asterisk/modules/app_voicemail_plain.so
%changelog
+* Tue Apr 24 2012 Jeffrey Ollie <jeff at ocjtech.us> - 10.3.1-1
+- The Asterisk Development Team has announced security releases for Asterisk 1.6.2,
+- 1.8, and 10. The available security releases are released as versions 1.6.2.24,
+- 1.8.11.1, and 10.3.1.
+-
+- These releases are available for immediate download at
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases
+-
+- The release of Asterisk 1.6.2.24, 1.8.11.1, and 10.3.1 resolve the following two
+- issues:
+-
+- * A permission escalation vulnerability in Asterisk Manager Interface. This
+- would potentially allow remote authenticated users the ability to execute
+- commands on the system shell with the privileges of the user running the
+- Asterisk application.
+-
+- * A heap overflow vulnerability in the Skinny Channel driver. The keypad
+- button message event failed to check the length of a fixed length buffer
+- before appending a received digit to the end of that buffer. A remote
+- authenticated user could send sufficient keypad button message events that the
+- buffer would be overrun.
+-
+- In addition, the release of Asterisk 1.8.11.1 and 10.3.1 resolve the following
+- issue:
+-
+- * A remote crash vulnerability in the SIP channel driver when processing UPDATE
+- requests. If a SIP UPDATE request was received indicating a connected line
+- update after a channel was terminated but before the final destruction of the
+- associated SIP dialog, Asterisk would attempt a connected line update on a
+- non-existing channel, causing a crash.
+-
+- These issues and their resolution are described in the security advisories.
+-
+- For more information about the details of these vulnerabilities, please read
+- security advisories AST-2012-004, AST-2012-005, and AST-2012-006, which were
+- released at the same time as this announcement.
+-
+- For a full list of changes in the current releases, please see the ChangeLogs:
+-
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.24
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.11.1
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.3.1
+-
+- The security advisories are available at:
+-
+- * http://downloads.asterisk.org/pub/security/AST-2012-004.pdf
+- * http://downloads.asterisk.org/pub/security/AST-2012-005.pdf
+- * http://downloads.asterisk.org/pub/security/AST-2012-006.pdf
+
* Thu Mar 29 2012 Russell Bryant <russell at russellbryant.net> - 10.3.0-1
- Update to 10.3.0
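Review bot: The new %changelog entry, from "* Tue Apr 24 2012" down to the AST-2012-006.pdf link, pastes the upstream announcement with "- " in front of every wrapped line and a bare "-" for every blank line, so the changelog shows nearly fifty separate items, most of them sentence fragments. Suggest shortening it to the style of the 10.3.0 entry below it: "- Update to 10.3.1", followed by one item that names AST-2012-004, AST-2012-005 and AST-2012-006 and gives the advisory URL. That way the security content appears in the first lines a packager or auditor reads, and the full descriptions stay in the linked advisories.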
diff --git a/sources b/sources
index 7e466c0..4f1a545 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-111235b8c5156bcf1e00894c0216eef4 asterisk-10.3.0.tar.gz
-c9c18f73e4ae00b2bf44c56822ab3bc2 asterisk-10.3.0.tar.gz.asc
+e13cd024d1a02fb54c6a60fab39e1c73 asterisk-10.3.1.tar.gz
+0a001af7a17d22b7c672090a3c22459d asterisk-10.3.1.tar.gz.asc
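Review bot: Both added lines in sources carry 32-hex-digit (MD5-length) digests, and the second one only pins the .asc file rather than checking it; nothing in this patch shows the detached signature being verified against the upstream release key. Since this is a security release, suggest stating in the commit message that the signature was checked before the upload, or running the verification from the spec in %prep, so that the tarball's integrity does not rest on an MD5 match alone.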