kumquat-buildroot/package/asterisk
Peter Korsgaard 2cb389deca package/asterisk: security bump to version 16.4.1
Fixes the following security issues:

CVE-2019-12827: A specially crafted SIP in-dialog MESSAGE message can cause
Asterisk to crash:

https://downloads.asterisk.org/pub/security/AST-2019-002.html

CVE-2019-13161: When T.38 faxing is done in Asterisk a T.38 reinvite may be
sent to an endpoint to switch it to T.38.  If the endpoint responds with an
improperly formatted SDP answer including both a T.38 UDPTL stream and an
audio or video stream containing only codecs not allowed on the SIP peer or
user a crash will occur.  The code incorrectly assumes that there will be at
least one common codec when T.38 is also in the SDP answer:

https://downloads.asterisk.org/pub/security/AST-2019-003.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-30 17:27:06 +02:00
..
0001-sounds-do-not-download-and-check-sha1s.patch package/asterisk: bump version to 16.0.0 2018-12-09 22:23:08 +01:00
0002-configure-fix-detection-of-libcrypt.patch package/asterisk: bump version to 16.0.0 2018-12-09 22:23:08 +01:00
0003-build-ensure-target-directory-for-modules-exists.patch package/asterisk: bump version to 16.0.0 2018-12-09 22:23:08 +01:00
0004-install-samples-need-the-data-files.patch package/asterisk: bump version to 16.0.0 2018-12-09 22:23:08 +01:00
0005-configure-fix-detection-of-re-entrant-resolver-funct.patch package/asterisk: enable for uclibc toolchains 2018-12-09 22:23:08 +01:00
asterisk.hash package/asterisk: security bump to version 16.4.1 2019-07-30 17:27:06 +02:00
asterisk.mk package/asterisk: security bump to version 16.4.1 2019-07-30 17:27:06 +02:00
Config.in package/asterisk: needs threads 2019-01-12 18:40:41 +01:00