jcollie pushed to asterisk (master). "13.3.2"
notifications at fedoraproject.org
notifications at fedoraproject.org
Thu Apr 9 15:48:04 UTC 2015
>From 4656a5514e0b11e77775c83286f803bab53c7251 Mon Sep 17 00:00:00 2001
From: "Jeffrey C. Ollie" <jeff at ocjtech.us>
Date: Thu, 9 Apr 2015 10:47:56 -0500
Subject: 13.3.2
diff --git a/asterisk.spec b/asterisk.spec
index 063827f..2107404 100644
--- a/asterisk.spec
+++ b/asterisk.spec
@@ -48,7 +48,7 @@
Summary: The Open Source PBX
Name: asterisk
-Version: 13.3.0
+Version: 13.3.2
Release: 1%{?_rc:.rc%{_rc}}%{?_beta:.beta%{_beta}}%{?dist}
License: GPLv2
Group: Applications/Internet
@@ -1612,6 +1612,61 @@ fi
%{_libdir}/asterisk/modules/res_xmpp.so
%changelog
+* Thu Apr 9 2015 Jeffrey C. Ollie <jeff at ocjtech.us> - 13.3.2-1:
+- The Asterisk Development Team has announced security releases for Certified
+- Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available
+- security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11,
+- 11.17.1, 12.8.2, 13.1-cert2, and 13.3.2.
+-
+- These releases are available for immediate download at
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases
+-
+- The release of these versions resolves the following security vulnerability:
+-
+- * AST-2015-003: TLS Certificate Common name NULL byte exploit
+-
+- When Asterisk registers to a SIP TLS device and and verifies the server,
+- Asterisk will accept signed certificates that match a common name other than
+- the one Asterisk is expecting if the signed certificate has a common name
+- containing a null byte after the portion of the common name that Asterisk
+- expected. This potentially allows for a man in the middle attack.
+-
+- For more information about the details of this vulnerability, please read
+- security advisory AST-2015-003, which was released at the same time as this
+- announcement.
+-
+- For a full list of changes in the current releases, please see the ChangeLogs:
+-
+- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.28-cert5
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3
+- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert11
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.17.1
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.8.2
+- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-13.1-cert2
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.3.2
+-
+- The security advisory is available at:
+-
+- * http://downloads.asterisk.org/pub/security/AST-2015-003.pdf
+
+* Thu Apr 9 2015 Jeffrey C. Ollie <jeff at ocjtech.us> - 13.3.1-1:
+- The Asterisk Development Team has announced the release of Asterisk 13.3.1.
+- This release is available for immediate download at
+- http://downloads.asterisk.org/pub/telephony/asterisk
+-
+- The release of Asterisk 13.3.1 resolves an issue reported by the
+- community and would have not been possible without your participation.
+- Thank you!
+-
+- The following is the issue resolved in this release:
+-
+- * --- pjsip: resolve compatibility problem with ast_sip_session
+- (Closes issue ASTERISK-24941. Reported by Matt Jordan)
+-
+- For a full list of changes in this release, please see the ChangeLog:
+-
+- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.3.1
+
* Wed Apr 1 2015 Jeffrey C. Ollie <jeff at ocjtech.us> - 13.3.0-1:
- The Asterisk Development Team has announced the release of Asterisk 13.3.0.
- This release is available for immediate download at
diff --git a/sources b/sources
index 427560a..71594cd 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-95b4850668b8880e6c4bfefae4fb427c asterisk-13.3.0.tar.gz
-e281295e59bb243b14e126e64e7a0810 asterisk-13.3.0.tar.gz.asc
+afc8a5b7fc239c7aa5692b563d7e6ed2 asterisk-13.3.2.tar.gz
+b05208f6e173674f96f1e35dae6b0744 asterisk-13.3.2.tar.gz.asc
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/asterisk.git/commit/?h=master&id=4656a5514e0b11e77775c83286f803bab53c7251
More information about the scm-commits
mailing list