| Commit message (Collapse) | Author | Age | Files | Lines |
- CVE-2018-19278 (included in 15.6.2)
- CVE-2019-7251
- CVE-2019-12827
- CVE-2019-13161
- CVE-2019-15297
Closes #10790
|
AST-2018-009 (CVE-2018-17281): Remote crash in HTTP websocket upgrade
(cherry picked from commit d5cca069111b327438185e1bf7507b292a3b931d)
|
AST-2018-007: Infinite loop when reading iostreams
AST-2018-008: PJSIP endpoint presence disclosure when using ACL
(cherry picked from commit 40fd8ce8d8419d7627964e69c29ea7c30b65a953)
(cherry picked from commit 4c6b45d7a5f74edf465b9f41c36dbd96182c8592)
|
AST-2018-001 (CVE-2018-7285): Crash when receiving unnegotiated dynamic payload
AST-2018-002: Crash when given an invalid SDP media format description
AST-2018-003: Crash with an invalid SDP fmtp attribute
AST-2018-004 (CVE-2018-7284): Crash when receiving SUBSCRIBE request
AST-2018-005 (CVE-2018-7286): Crash when large numbers of TCP connections are closed suddenly
AST-2018-006 (CVE-2018-7287): WebSocket frames with 0 sized payload causes DoS
(cherry picked from commit f0ae460f0cc464900bdb9a9265254e00d0da42f1)
|
(cherry picked from commit b137d471e4ae63e37909accff94a30c4d4dfdc22)
|
This is a requirement to get res_odbc built.
(cherry picked from commit bd3bc89b4abf4ea8817417f4d5594c8ebaf62749)
|
fixes #8353
AST-2017-014 Crash in PJSIP resource when missing a contact header
|
ref #8353
AST-2017-012 Remote Crash Vulnerability in RTCP Stack
|
ref #8353
AST-2017-013 DOS Vulnerability in Asterisk chan_skinny
|
AST-2017-009 Buffer overflow in pjproject header parsing can cause crash
AST-2017-010 Buffer overflow in CDR's set user
AST-2017-011 Memory leak in pjsip session resource
|
AST-2017-008 (CVE-2017-14099): RTP/RTCP information leak
|
AST-2017-005: Media takeover in RTP stack
AST-2017-006: Shell access command injection in app_minivm
AST-2017-007: Remote Crash Vulnerability in res_pjsip
|
fixes #7583
|
rebase iostream patch
|
AST-2017-002: Buffer Overrun in PJSIP transaction layer
AST-2017-003: Crash in PJSIP multi-part body parser
AST-2017-004: Memory exhaustion on short SCCP packets
|
fixes #4840
|
AST-2017-001 Buffer overflow in CDR's set user
|
- rebase ASTERISK-24517
- remove upstreamed patch
|
ref #6644
|
also disable -march=native to use proper alpine default arch target
|
fixes #3503
fixes #6394
|
- move libasteriskssl.so symlink back to main package
- fixes #6393
|
fixes commit "main/[various]: dont set arch in split function"
|
AST-2016-006: Crash on ACK from unknown endpoint
AST-2016-007: RTP Resource Exhaustion
Remove our custom patch ASTERISK-19109 as unneeded since the
administrative mute can be used for similar features. And remove
musl-includes.patch as it was merged upstream.
|
- rebased ASTERISK-19109 patch
- add findutils as "find -printf" is now used in configure
|
Now all invocations have the following order of arguments (if present):
addgroup -S -g ... GROUP
adduser -S -u ... -D -H -h ... -s ... -G ... -g ... USER
|
Following rules have been applied:
- script starts with shebang !#/bin/sh followed by blank line,
- script ends with exit 0 prepended by blank line,
- only stderr of adduser, addgroup or passwd is redirected to /dev/null,
- getent passwd/group instances have been removed,
- manual checking of file and group existence has been removed,
- `|| true` instances have been removed.
Comments and line wrapping have been preserved.
|
This way we can avoid ugly default:
Linux user,,,
|
AST-2016-001 TLS defaults to mitigate BEAST
AST-2016-002 Fix fd leak with non-default timert1
AST-2016-003 Remote crash in UDPTL
This also removes the security patch mechanism, upstream seems
to change the format of these patches on every security release
so just grab the tarball.
|
fixes #4840