[asterisk/f17] 10.12.2
Jeffrey C. Ollie
jcollie at fedoraproject.org
Thu Mar 28 15:35:13 UTC 2013
commit 4e9a64121f8ebb3a91bb5518e8afb525cb6ccee9
Author: Jeffrey C. Ollie <jeff at ocjtech.us>
Date: Thu Mar 28 10:35:08 2013 -0500
10.12.2
.gitignore | 2 +
asterisk.spec | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
sources | 4 +-
3 files changed, 83 insertions(+), 3 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 5b81e61..b381b0d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -94,3 +94,5 @@ asterisk-1.8.0-beta3.tar.gz.asc
/asterisk-10.11.1.tar.gz.asc
/asterisk-10.12.0.tar.gz
/asterisk-10.12.0.tar.gz.asc
+/asterisk-10.12.2.tar.gz
+/asterisk-10.12.2.tar.gz.asc
diff --git a/asterisk.spec b/asterisk.spec
index fe1d1ce..2373633 100644
--- a/asterisk.spec
+++ b/asterisk.spec
@@ -28,7 +28,7 @@
Summary: The Open Source PBX
Name: asterisk
-Version: 10.12.0
+Version: 10.12.2
Release: 1%{?_rc:.rc%{_rc}}%{?_beta:.beta%{_beta}}%{?dist}
License: GPLv2
Group: Applications/Internet
@@ -1364,6 +1364,84 @@ fi
%{_libdir}/asterisk/modules/app_voicemail_plain.so
%changelog
+* Thu Mar 28 2013 Jeffrey Ollie <jeff at ocjtech.us> - 10.12.2-1:
+- The Asterisk Development Team has announced security releases for Certified
+- Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
+- are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
+- and 11.2.2.
+-
+- These releases are available for immediate download at
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases
+-
+- The release of these versions resolve the following issues:
+-
+- * A possible buffer overflow during H.264 format negotiation. The format
+- attribute resource for H.264 video performs an unsafe read against a media
+- attribute when parsing the SDP.
+-
+- This vulnerability only affected Asterisk 11.
+-
+- * A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
+- in January of this year, contained a fix for Asterisk's HTTP server for a
+- remotely-triggered crash. While the fix prevented the crash from being
+- triggered, a denial of service vector still exists with that solution if an
+- attacker sends one or more HTTP POST requests with very large Content-Length
+- values.
+-
+- This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
+-
+- * A potential username disclosure exists in the SIP channel driver. When
+- authenticating a SIP request with alwaysauthreject enabled, allowguest
+- disabled, and autocreatepeer disabled, Asterisk discloses whether a user
+- exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
+-
+- This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
+-
+- These issues and their resolutions are described in the security advisories.
+-
+- For more information about the details of these vulnerabilities, please read
+- security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
+- released at the same time as this announcement.
+-
+- For a full list of changes in the current releases, please see the ChangeLogs:
+-
+- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert2
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2-digiumphones
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2
+-
+- The security advisories are available at:
+-
+- * http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
+- * http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
+- * http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
+-
+- The Asterisk Development Team has announced the release of Asterisk 10.12.1.
+- This release is available for immediate download at
+- http://downloads.asterisk.org/pub/telephony/asterisk
+-
+- The release of Asterisk 10.12.1 resolves several issues reported by the
+- community and would have not been possible without your participation.
+- Thank you!
+-
+- The following are the issues resolved in this release:
+-
+- * --- Fix astcanary startup problem due to wrong pid value from before
+- daemon call
+- (Closes issue ASTERISK-20947. Reported by Jakob Hirsch)
+-
+- * --- Update init.d scripts to handle stderr; readd splash screen for
+- remote consoles
+- (Closes issue ASTERISK-20945. Reported by Warren Selby)
+-
+- * --- Reset RTP timestamp; sequence number on SSRC change
+- (Closes issue ASTERISK-20906. Reported by Eelco Brolman)
+-
+- For a full list of changes in this release, please see the ChangeLog:
+-
+- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.12.1
+
* Fri Jan 18 2013 Jeffrey Ollie <jeff at ocjtech.us> - 10.12.0-1:
- The Asterisk Development Team has announced the release of Asterisk 10.12.0.
- This release is available for immediate download at
diff --git a/sources b/sources
index d573865..550db94 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-c1818eecfa562e4fb23f7830162ef33f asterisk-10.12.0.tar.gz
-82e908a0a921dcdcdc2f256057e4386d asterisk-10.12.0.tar.gz.asc
+7831ea3015d17bddeecce86c126192e2 asterisk-10.12.2.tar.gz
+7410b9c21a961cfaa960db97cf16cfd4 asterisk-10.12.2.tar.gz.asc
More information about the scm-commits
mailing list