14aab69703
Fixes the following security issues:
CVE-2019-12827: A specially crafted SIP in-dialog MESSAGE message can cause
Asterisk to crash:
https://downloads.asterisk.org/pub/security/AST-2019-002.html
CVE-2019-13161: When T.38 faxing is done in Asterisk a T.38 reinvite may be
sent to an endpoint to switch it to T.38. If the endpoint responds with an
improperly formatted SDP answer including both a T.38 UDPTL stream and an
audio or video stream containing only codecs not allowed on the SIP peer or
user a crash will occur. The code incorrectly assumes that there will be at
least one common codec when T.38 is also in the SDP answer:
https://downloads.asterisk.org/pub/security/AST-2019-003.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| 0001-sounds-do-not-download-and-check-sha1s.patch | ||
| 0002-configure-fix-detection-of-libcrypt.patch | ||
| 0003-build-ensure-target-directory-for-modules-exists.patch | ||
| 0004-install-samples-need-the-data-files.patch | ||
| 0005-configure-fix-detection-of-re-entrant-resolver-funct.patch | ||
| asterisk.hash | ||
| asterisk.mk | ||
| Config.in | ||