[asterisk] 10.5.2
Jeffrey C. Ollie
jcollie at fedoraproject.org
Thu Jul 5 21:45:56 UTC 2012
commit cd05c6dd97eeaa95d16820a80edbdbc20d96cc99
Author: Jeffrey C. Ollie <jeff at ocjtech.us>
Date: Thu Jul 5 16:44:13 2012 -0500
10.5.2
.gitignore | 2 ++
asterisk.spec | 42 ++++++++++++++++++++++++++++++++++++++++--
sources | 4 ++--
3 files changed, 44 insertions(+), 4 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index e60244f..0d41a98 100644
--- a/.gitignore
+++ b/.gitignore
@@ -76,3 +76,5 @@ asterisk-1.8.0-beta3.tar.gz.asc
/asterisk-10.4.2.tar.gz.asc
/asterisk-10.5.1.tar.gz
/asterisk-10.5.1.tar.gz.asc
+/asterisk-10.5.2.tar.gz
+/asterisk-10.5.2.tar.gz.asc
diff --git a/asterisk.spec b/asterisk.spec
index 4a43ec5..3c2b31b 100644
--- a/asterisk.spec
+++ b/asterisk.spec
@@ -28,8 +28,8 @@
Summary: The Open Source PBX
Name: asterisk
-Version: 10.5.1
-Release: 1%{?_rc:.rc%{_rc}}%{?_beta:.beta%{_beta}}%{?dist}.1
+Version: 10.5.2
+Release: 1%{?_rc:.rc%{_rc}}%{?_beta:.beta%{_beta}}%{?dist}
License: GPLv2
Group: Applications/Internet
URL: http://www.asterisk.org/
@@ -1359,6 +1359,44 @@ fi
%{_libdir}/asterisk/modules/app_voicemail_plain.so
%changelog
+* Thu Jul 5 2012 Jeffrey Ollie <jeff at ocjtech.us> - 10.5.2-1:
+- The Asterisk Development Team has announced security releases for Certified
+- Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
+- released as versions 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones.
+-
+- These releases are available for immediate download at
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases
+-
+- The release of Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones
+- resolve the following two issues:
+-
+- * If Asterisk sends a re-invite and an endpoint responds to the re-invite with
+- a provisional response but never sends a final response, then the SIP dialog
+- structure is never freed and the RTP ports for the call are never released. If
+- an attacker has the ability to place a call, they could create a denial of
+- service by using all available RTP ports.
+-
+- * If a single voicemail account is manipulated by two parties simultaneously,
+- a condition can occur where memory is freed twice causing a crash.
+-
+- These issues and their resolution are described in the security advisories.
+-
+- For more information about the details of these vulnerabilities, please read
+- security advisories AST-2012-010 and AST-2012-011, which were released at the
+- same time as this announcement.
+-
+- For a full list of changes in the current releases, please see the ChangeLogs:
+-
+- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert4
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.13.1
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.2
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.2-digiumphones
+-
+- The security advisories are available at:
+-
+- * http://downloads.asterisk.org/pub/security/AST-2012-010.pdf
+- * http://downloads.asterisk.org/pub/security/AST-2012-011.pdf
+
* Thu Jun 28 2012 Petr Pisar <ppisar at redhat.com> - 10.5.1-1.1
- Perl 5.16 rebuild
diff --git a/sources b/sources
index b01170c..c10a654 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-fbbea8a1ed26144cfa94b54df4adb3fd asterisk-10.5.1.tar.gz
-42b4e85b5eea7a457c7e30327d895924 asterisk-10.5.1.tar.gz.asc
+89ce2431ea99ee9645f76193d1566034 asterisk-10.5.2.tar.gz
+fcef686bb5d7e73dd50b617140965e81 asterisk-10.5.2.tar.gz.asc
More information about the scm-commits
mailing list