jcollie pushed to asterisk (f22). "13.3.2"

notifications at fedoraproject.org notifications at fedoraproject.org
Thu Apr 9 15:49:03 UTC 2015 

>From 4656a5514e0b11e77775c83286f803bab53c7251 Mon Sep 17 00:00:00 2001
From: "Jeffrey C. Ollie" <jeff at ocjtech.us>
Date: Thu, 9 Apr 2015 10:47:56 -0500
Subject: 13.3.2


diff --git a/asterisk.spec b/asterisk.spec
index 063827f..2107404 100644
--- a/asterisk.spec
+++ b/asterisk.spec
@@ -48,7 +48,7 @@
 
 Summary:          The Open Source PBX
 Name:             asterisk
-Version:          13.3.0
+Version:          13.3.2
 Release:          1%{?_rc:.rc%{_rc}}%{?_beta:.beta%{_beta}}%{?dist}
 License:          GPLv2
 Group:            Applications/Internet
@@ -1612,6 +1612,61 @@ fi
 %{_libdir}/asterisk/modules/res_xmpp.so
 
 %changelog
+* Thu Apr  9 2015 Jeffrey C. Ollie <jeff at ocjtech.us> - 13.3.2-1:
+- The Asterisk Development Team has announced security releases for Certified
+- Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available
+- security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11,
+- 11.17.1, 12.8.2, 13.1-cert2, and 13.3.2.
+-
+- These releases are available for immediate download at
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases
+-
+- The release of these versions resolves the following security vulnerability:
+-
+- * AST-2015-003: TLS Certificate Common name NULL byte exploit
+-
+-   When Asterisk registers to a SIP TLS device and and verifies the server,
+-   Asterisk will accept signed certificates that match a common name other than
+-   the one Asterisk is expecting if the signed certificate has a common name
+-   containing a null byte after the portion of the common name that Asterisk
+-   expected. This potentially allows for a man in the middle attack.
+-
+- For more information about the details of this vulnerability, please read
+- security advisory AST-2015-003, which was released at the same time as this
+- announcement.
+-
+- For a full list of changes in the current releases, please see the ChangeLogs:
+-
+- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.28-cert5
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3
+- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert11
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.17.1
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.8.2
+- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-13.1-cert2
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.3.2
+-
+- The security advisory is available at:
+-
+-  * http://downloads.asterisk.org/pub/security/AST-2015-003.pdf
+
+* Thu Apr  9 2015 Jeffrey C. Ollie <jeff at ocjtech.us> - 13.3.1-1:
+- The Asterisk Development Team has announced the release of Asterisk 13.3.1.
+- This release is available for immediate download at
+- http://downloads.asterisk.org/pub/telephony/asterisk
+-
+- The release of Asterisk 13.3.1 resolves an issue reported by the
+- community and would have not been possible without your participation.
+- Thank you!
+-
+- The following is the issue resolved in this release:
+-
+- * --- pjsip: resolve compatibility problem with ast_sip_session
+-   (Closes issue ASTERISK-24941. Reported by Matt Jordan)
+-
+- For a full list of changes in this release, please see the ChangeLog:
+-
+- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.3.1
+
 * Wed Apr  1 2015 Jeffrey C. Ollie <jeff at ocjtech.us> - 13.3.0-1:
 - The Asterisk Development Team has announced the release of Asterisk 13.3.0.
 - This release is available for immediate download at
diff --git a/sources b/sources
index 427560a..71594cd 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-95b4850668b8880e6c4bfefae4fb427c  asterisk-13.3.0.tar.gz
-e281295e59bb243b14e126e64e7a0810  asterisk-13.3.0.tar.gz.asc
+afc8a5b7fc239c7aa5692b563d7e6ed2  asterisk-13.3.2.tar.gz
+b05208f6e173674f96f1e35dae6b0744  asterisk-13.3.2.tar.gz.asc
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/asterisk.git/commit/?h=f22&id=4656a5514e0b11e77775c83286f803bab53c7251

More information about the scm-commits mailing list