jcollie pushed to asterisk (f20). "11.17.1"

notifications at fedoraproject.org
Thu Apr 9 20:04:03 UTC 2015


From 7cab1277f2124b887a8eda9deabd3552e848b9f1 Mon Sep 17 00:00:00 2001
From: "Jeffrey C. Ollie" <jeff at ocjtech.us>
Date: Thu, 9 Apr 2015 15:03:33 -0500
Subject: 11.17.1


diff --git a/asterisk.spec b/asterisk.spec
index 8e4187f..ffc0b59 100644
--- a/asterisk.spec
+++ b/asterisk.spec
@@ -48,7 +48,7 @@
 
 Summary:          The Open Source PBX
 Name:             asterisk
-Version:          11.17.0
+Version:          11.17.1
 Release:          1%{?_rc:.rc%{_rc}}%{?_beta:.beta%{_beta}}%{?dist}
 License:          GPLv2
 Group:            Applications/Internet
@@ -1411,6 +1411,43 @@ fi
 %{_libdir}/asterisk/modules/app_voicemail_plain.so
 
 %changelog
+* Thu Apr  9 2015 Jeffrey C. Ollie <jeff at ocjtech.us> - 11.17.1-1
+- The Asterisk Development Team has announced security releases for Certified
+- Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available
+- security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11,
+- 11.17.1, 12.8.2, 13.1-cert2, and 13.3.2.
+-
+- These releases are available for immediate download at
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases
+-
+- The release of these versions resolves the following security vulnerability:
+-
+- * AST-2015-003: TLS Certificate Common name NULL byte exploit
+-
+-   When Asterisk registers to a SIP TLS device and and verifies the server,
+-   Asterisk will accept signed certificates that match a common name other than
+-   the one Asterisk is expecting if the signed certificate has a common name
+-   containing a null byte after the portion of the common name that Asterisk
+-   expected. This potentially allows for a man in the middle attack.
+-
+- For more information about the details of this vulnerability, please read
+- security advisory AST-2015-003, which was released at the same time as this
+- announcement.
+-
+- For a full list of changes in the current releases, please see the ChangeLogs:
+-
+- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.28-cert5
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3
+- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert11
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.17.1
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.8.2
+- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-13.1-cert2
+- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.3.2
+-
+- The security advisory is available at:
+-
+- * http://downloads.asterisk.org/pub/security/AST-2015-003.pdf
+
 * Wed Apr  1 2015 Jeffrey C. Ollie <jeff at ocjtech.us> - 11.17.0-1
 - The Asterisk Development Team has announced the release of Asterisk 11.17.0.
 - This release is available for immediate download at
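
Review bot: In the new 11.17.1-1 %changelog entry every line starts with "- ", including the blank separators and the wrapped continuation lines, so anything that treats each "- " line as one changelog item sees a run of sentence fragments and empty items. The entry also lists release branches other than the 11.17.1 this spec builds and contains the typo "and and verifies". Suggest a short entry instead, for example "- Update to 11.17.1" followed by "- Fixes AST-2015-003: TLS certificate common name NULL byte" and the advisory URL, so the security fix is the first thing visible in the package changelog.
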
diff --git a/sources b/sources
index 9db4357..cdf4c78 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-40fefc4e0473a672a2b0cac2d08fcd42  asterisk-11.17.0.tar.gz
-8532456cd8b9f4cd6ed70b461baa747a  asterisk-11.17.0.tar.gz.asc
+2c6cd0f499152d0d5ff32f36e274fc2e  asterisk-11.17.1.tar.gz
+cb3e9fd3d7f75184317e36181ce800cf  asterisk-11.17.1.tar.gz.asc
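
Review bot: The two added lines in sources carry 32-hex-digit digests, which is MD5 length, so the tarball for a security release is pinned only by a hash that is not collision resistant. The detached signature asterisk-11.17.1.tar.gz.asc is uploaded beside it, but nothing in the visible spec hunks shows it being checked. Suggest verifying the tarball against the .asc with the upstream release key before upload, and ideally in %prep, so the pinned digest is known to match the signed upstream artifact.
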
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/asterisk.git/commit/?h=f20&id=7cab1277f2124b887a8eda9deabd3552e848b9f1

