[asterisk] 10.3.1

Jeffrey C. Ollie jcollie at fedoraproject.org
Tue Apr 24 15:19:47 UTC 2012


commit 1c8082c22a653cdcb39c09209036a445eaa4b06d
Author: Jeffrey C. Ollie <jeff at ocjtech.us>
Date:   Tue Apr 24 10:19:38 2012 -0500

    10.3.1

 .gitignore    |    2 ++
 asterisk.spec |   51 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 sources       |    4 ++--
 3 files changed, 54 insertions(+), 3 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 0d6e2a8..937f627 100644
--- a/.gitignore
+++ b/.gitignore
@@ -66,3 +66,5 @@ asterisk-1.8.0-beta3.tar.gz.asc
 /asterisk-10.2.1.tar.gz.asc
 /asterisk-10.3.0.tar.gz
 /asterisk-10.3.0.tar.gz.asc
+/asterisk-10.3.1.tar.gz
+/asterisk-10.3.1.tar.gz.asc
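Review bot: style point on the two added entries: this file gains a pair of lines for every upstream release (the context already lists 10.2.1 and 10.3.0). A single anchored pattern pair such as /asterisk-*.tar.gz and /asterisk-*.tar.gz.asc would cover this and future versions, so a security update does not need to touch .gitignore at all.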
diff --git a/asterisk.spec b/asterisk.spec
index 497809b..e286152 100644
--- a/asterisk.spec
+++ b/asterisk.spec
@@ -28,7 +28,7 @@
 
 Summary: The Open Source PBX
 Name: asterisk
-Version: 10.3.0
+Version: 10.3.1
 Release: 1%{?_rc:.rc%{_rc}}%{?_beta:.beta%{_beta}}%{?dist}
 License: GPLv2
 Group: Applications/Internet
@@ -1377,6 +1377,55 @@ fi
 %{_libdir}/asterisk/modules/app_voicemail_plain.so
 
 %changelog
+* Tue Apr 24 2012 Jeffrey Ollie <jeff at ocjtech.us> - 10.3.1-1
+- The Asterisk Development Team has announced security releases for Asterisk 1.6.2,
+- 1.8, and 10. The available security releases are released as versions 1.6.2.24,
+- 1.8.11.1, and 10.3.1.
+-
+- These releases are available for immediate download at
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases
+-
+- The release of Asterisk 1.6.2.24, 1.8.11.1, and 10.3.1 resolve the following two
+- issues:
+-
+-  * A permission escalation vulnerability in Asterisk Manager Interface.  This
+-   would potentially allow remote authenticated users the ability to execute
+-   commands on the system shell with the privileges of the user running the
+-   Asterisk application.
+-
+-  * A heap overflow vulnerability in the Skinny Channel driver.  The keypad
+-   button message event failed to check the length of a fixed length buffer
+-   before appending a received digit to the end of that buffer.  A remote
+-   authenticated user could send sufficient keypad button message events that the
+-   buffer would be overrun.
+-
+- In addition, the release of Asterisk 1.8.11.1 and 10.3.1 resolve the following
+- issue:
+-
+-  * A remote crash vulnerability in the SIP channel driver when processing UPDATE
+-   requests.  If a SIP UPDATE request was received indicating a connected line
+-   update after a channel was terminated but before the final destruction of the
+-   associated SIP dialog, Asterisk would attempt a connected line update on a
+-   non-existing channel, causing a crash.
+-
+- These issues and their resolution are described in the security advisories.
+-
+- For more information about the details of these vulnerabilities, please read
+- security advisories AST-2012-004, AST-2012-005, and AST-2012-006, which were
+- released at the same time as this announcement.
+-
+- For a full list of changes in the current releases, please see the ChangeLogs:
+-
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.24
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.11.1
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.3.1
+-
+- The security advisories are available at:
+-
+-  * http://downloads.asterisk.org/pub/security/AST-2012-004.pdf
+-  * http://downloads.asterisk.org/pub/security/AST-2012-005.pdf
+-  * http://downloads.asterisk.org/pub/security/AST-2012-006.pdf
+
 * Thu Mar 29 2012 Russell Bryant <russell at russellbryant.net> - 10.3.0-1
 - Update to 10.3.0
 
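Review bot: the new 10.3.1-1 changelog entry pastes the upstream announcement verbatim with "- " in front of every wrapped line, including the bare "-" separator lines. Each continuation line therefore reads as its own changelog item, and the entry is far longer than the neighbouring "- Update to 10.3.0". Suggest condensing it to "- Update to 10.3.1" followed by one item per fixed issue, each naming its advisory (AST-2012-004, AST-2012-005, AST-2012-006), plus CVE identifiers if any were assigned, so that anyone searching the package changelog for a specific fix gets one line per issue. The download and ChangeLog URLs can be left to the advisories.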
diff --git a/sources b/sources
index 7e466c0..4f1a545 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-111235b8c5156bcf1e00894c0216eef4  asterisk-10.3.0.tar.gz
-c9c18f73e4ae00b2bf44c56822ab3bc2  asterisk-10.3.0.tar.gz.asc
+e13cd024d1a02fb54c6a60fab39e1c73  asterisk-10.3.1.tar.gz
+0a001af7a17d22b7c672090a3c22459d  asterisk-10.3.1.tar.gz.asc
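Review bot: the replaced entries for asterisk-10.3.1.tar.gz and its .asc are 32-hex-digit digests, which is MD5 length, and no hunk in this commit shows the detached signature being checked. For a security release, the tarball should be verified against asterisk-10.3.1.tar.gz.asc with the upstream release key before the digest is recorded here, and it is worth stating in the commit message that this was done. An MD5 in sources only shows that the build fetches the same bytes that were uploaded, not that those bytes are the ones upstream published.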

