package/asterisk: security bump version to 14.7.8

Fixes the following security issues:

AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade
There is a stack overflow vulnerability in the res_http_websocket.so module of
Asterisk that allows an attacker to crash Asterisk via a specially crafted
HTTP request to upgrade the connection to a websocket. The attacker’s
request causes Asterisk to run out of stack space and crash.

For more details, see the announcement:
https://www.asterisk.org/downloads/asterisk-news/asterisk-13231-1478-1561-and-1321-cert3-now-available-security-release

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Peter: mark as security fix, extend commit message]
(cherry picked from commit 19b64c2286)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Bernd Kuhls 2018-10-03 15:13:55 +02:00 committed by Peter Korsgaard
parent 51ff8bb263
commit efb4c2ffcc
2 changed files with 2 additions and 2 deletions

View File

@ -1,5 +1,5 @@
# Locally computed
sha256 249cf223ef4dd7aea01f0d250a6b9cad661ebd78910c73adb7f59c1c46f9fed8 asterisk-14.7.6.tar.gz
sha256 41c99bd2236af95d056e15f9d044c28b69e00935e67791b18fa70b0614402012 asterisk-14.7.8.tar.gz
# sha1 from: http://downloads.asterisk.org/pub/telephony/sounds/releases
# sha256 locally computed

View File

@ -4,7 +4,7 @@
#
################################################################################
ASTERISK_VERSION = 14.7.6
ASTERISK_VERSION = 14.7.8
# Use the github mirror: it's an official mirror maintained by Digium, and
# provides tarballs, which the main Asterisk git tree (behind Gerrit) does not.
ASTERISK_SITE = $(call github,asterisk,asterisk,$(ASTERISK_VERSION))