c34e0b1cd5
Fixes the following security issues: - CVE-2022-37325: A zero length Called or Calling Party Number can cause a buffer under-run and Asterisk crash. https://downloads.asterisk.org/pub/security/AST-2022-007.html - CVE-2022-42705: Use after free in res_pjsip_pubsub.c may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time Asterisk is also performing activty on that subscription. https://downloads.asterisk.org/pub/security/AST-2022-008.html - CVE-2022-42706: AMI Users with “config” permissions may read files outside of Asterisk directory via GetConfig AMI Action even if “live_dangerously" is set to "no" https://downloads.asterisk.org/pub/security/AST-2022-009.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> |
||
|---|---|---|
| .. | ||
| 0001-sounds-do-not-download-and-check-sha1s.patch | ||
| 0002-configure-fix-detection-of-libcrypt.patch | ||
| 0003-build-ensure-target-directory-for-modules-exists.patch | ||
| 0004-install-samples-need-the-data-files.patch | ||
| 0005-configure-fix-detection-of-re-entrant-resolver-funct.patch | ||
| asterisk.hash | ||
| asterisk.mk | ||
| Config.in | ||