[asterisk/f17] 10.12.2

Jeffrey C. Ollie jcollie at fedoraproject.org
Thu Mar 28 15:35:13 UTC 2013 

commit 4e9a64121f8ebb3a91bb5518e8afb525cb6ccee9
Author: Jeffrey C. Ollie <jeff at ocjtech.us>
Date:   Thu Mar 28 10:35:08 2013 -0500

    10.12.2

 .gitignore    |    2 +
 asterisk.spec |   80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 sources       |    4 +-
 3 files changed, 83 insertions(+), 3 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 5b81e61..b381b0d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -94,3 +94,5 @@ asterisk-1.8.0-beta3.tar.gz.asc
 /asterisk-10.11.1.tar.gz.asc
 /asterisk-10.12.0.tar.gz
 /asterisk-10.12.0.tar.gz.asc
+/asterisk-10.12.2.tar.gz
+/asterisk-10.12.2.tar.gz.asc
diff --git a/asterisk.spec b/asterisk.spec
index fe1d1ce..2373633 100644
--- a/asterisk.spec
+++ b/asterisk.spec
@@ -28,7 +28,7 @@
 
 Summary: The Open Source PBX
 Name: asterisk
-Version: 10.12.0
+Version: 10.12.2
 Release: 1%{?_rc:.rc%{_rc}}%{?_beta:.beta%{_beta}}%{?dist}
 License: GPLv2
 Group: Applications/Internet
@@ -1364,6 +1364,84 @@ fi
 %{_libdir}/asterisk/modules/app_voicemail_plain.so
 
 %changelog
+* Thu Mar 28 2013 Jeffrey Ollie <jeff at ocjtech.us> - 10.12.2-1:
+- The Asterisk Development Team has announced security releases for Certified
+- Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
+- are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
+- and 11.2.2.
+-
+- These releases are available for immediate download at
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases
+-
+- The release of these versions resolve the following issues:
+-
+- * A possible buffer overflow during H.264 format negotiation. The format
+-   attribute resource for H.264 video performs an unsafe read against a media
+-   attribute when parsing the SDP.
+-
+-   This vulnerability only affected Asterisk 11.
+-
+- * A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
+-   in January of this year, contained a fix for Asterisk's HTTP server for a
+-   remotely-triggered crash. While the fix prevented the crash from being
+-   triggered, a denial of service vector still exists with that solution if an
+-   attacker sends one or more HTTP POST requests with very large Content-Length
+-   values.
+-
+-   This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
+-
+- * A potential username disclosure exists in the SIP channel driver. When
+-   authenticating a SIP request with alwaysauthreject enabled, allowguest
+-   disabled, and autocreatepeer disabled, Asterisk discloses whether a user
+-   exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
+-
+-   This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
+-
+- These issues and their resolutions are described in the security advisories.
+-
+- For more information about the details of these vulnerabilities, please read
+- security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
+- released at the same time as this announcement.
+-
+- For a full list of changes in the current releases, please see the ChangeLogs:
+-
+- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert2
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2-digiumphones
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2
+-
+- The security advisories are available at:
+-
+-  * http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
+-  * http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
+-  * http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
+-
+- The Asterisk Development Team has announced the release of Asterisk 10.12.1.
+- This release is available for immediate download at
+- http://downloads.asterisk.org/pub/telephony/asterisk
+-
+- The release of Asterisk 10.12.1 resolves several issues reported by the
+- community and would have not been possible without your participation.
+- Thank you!
+-
+- The following are the issues resolved in this release:
+-
+- * --- Fix astcanary startup problem due to wrong pid value from before
+-       daemon call
+-   (Closes issue ASTERISK-20947. Reported by Jakob Hirsch)
+-
+- * --- Update init.d scripts to handle stderr; readd splash screen for
+-       remote consoles
+-   (Closes issue ASTERISK-20945. Reported by Warren Selby)
+-
+- * --- Reset RTP timestamp; sequence number on SSRC change
+-   (Closes issue ASTERISK-20906. Reported by Eelco Brolman)
+-
+- For a full list of changes in this release, please see the ChangeLog:
+-
+- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.12.1
+
 * Fri Jan 18 2013 Jeffrey Ollie <jeff at ocjtech.us> - 10.12.0-1:
 - The Asterisk Development Team has announced the release of Asterisk 10.12.0.
 - This release is available for immediate download at
diff --git a/sources b/sources
index d573865..550db94 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-c1818eecfa562e4fb23f7830162ef33f  asterisk-10.12.0.tar.gz
-82e908a0a921dcdcdc2f256057e4386d  asterisk-10.12.0.tar.gz.asc
+7831ea3015d17bddeecce86c126192e2  asterisk-10.12.2.tar.gz
+7410b9c21a961cfaa960db97cf16cfd4  asterisk-10.12.2.tar.gz.asc

More information about the scm-commits mailing list