[asterisk/f16] 1.8.12.1

Wed May 30 16:14:50 UTC 2012

commit 3a5cb758a094ee6185ad5d2db64e3b3bcc91c604
Author: Jeffrey C. Ollie <jeff at ocjtech.us>
Date:   Wed May 30 11:14:42 2012 -0500

    1.8.12.1

 .gitignore    |    2 ++
 asterisk.spec |   42 +++++++++++++++++++++++++++++++++++++++++-
 sources       |    4 ++--
 3 files changed, 45 insertions(+), 3 deletions(-)
---

diff --git a/.gitignore b/.gitignore
index 1c967ab..33ab9a1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -74,3 +74,5 @@ asterisk-1.8.0-beta3.tar.gz.asc
 /asterisk-1.8.11.1.tar.gz.asc
 /asterisk-1.8.12.0.tar.gz
 /asterisk-1.8.12.0.tar.gz.asc
+/asterisk-1.8.12.1.tar.gz
+/asterisk-1.8.12.1.tar.gz.asc
diff --git a/asterisk.spec b/asterisk.spec
index 35aba12..a9e894f 100644
--- a/asterisk.spec
+++ b/asterisk.spec
@@ -17,7 +17,7 @@
 
 Summary: The Open Source PBX
 Name: asterisk
-Version: 1.8.12.0
+Version: 1.8.12.1
 Release: 1%{?_rc:.rc%{_rc}}%{?_beta:.beta%{_beta}}%{?dist}
 License: GPLv2
 Group: Applications/Internet
@@ -1277,6 +1277,46 @@ fi
 %{_libdir}/asterisk/modules/app_voicemail_plain.so
 
 %changelog
+* Wed May 30 2012 Jeffrey Ollie <jeff at ocjtech.us> - 1.8.12.1-1:
+- The Asterisk Development Team has announced security releases for Certified
+- Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
+- released as versions 1.8.11-cert2, 1.8.12.1, and 10.4.1.
+-
+- These releases are available for immediate download at
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases
+-
+- The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve the following
+- two issues:
+-
+- * A remotely exploitable crash vulnerability exists in the IAX2 channel
+-  driver if an established call is placed on hold without a suggested music
+-  class. Asterisk will attempt to use an invalid pointer to the music
+-  on hold class name, potentially causing a crash.
+-
+- * A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
+-  Channel driver. When an SCCP client closes its connection to the server,
+-  a pointer in a structure is set to NULL.  If the client was not in the
+-  on-hook state at the time the connection was closed, this pointer is later
+-  dereferenced. This allows remote authenticated connections the ability to
+-  cause a crash in the server, denying services to legitimate users.
+-
+- These issues and their resolution are described in the security advisories.
+-
+- For more information about the details of these vulnerabilities, please read
+- security advisories AST-2012-007 and AST-2012-008, which were released at the
+- same time as this announcement.
+-
+- For a full list of changes in the current releases, please see the ChangeLogs:
+-
+- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert2
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.12.1
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.1
+-
+- The security advisories are available at:
+-
+-  * http://downloads.asterisk.org/pub/security/AST-2012-007.pdf
+-  * http://downloads.asterisk.org/pub/security/AST-2012-008.pdf
+
 * Thu May  3 2012 Jeffrey Ollie <jeff at ocjtech.us> - 1.8.12.0-1:
 - The Asterisk Development Team has announced the release of Asterisk 1.8.12.0.
 - This release is available for immediate download at
diff --git a/sources b/sources
index 01c880b..287535b 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-73d1da06da61f652a6c83f2604350df5  asterisk-1.8.12.0.tar.gz
-6d50d91efbb128105e52b2eba2f990c1  asterisk-1.8.12.0.tar.gz.asc
+ff1970d8137c04adb7791c89aa48dd46  asterisk-1.8.12.1.tar.gz
+25077b82948380f265b0377a50ef4161  asterisk-1.8.12.1.tar.gz.asc
