git.ipfire.org Git - thirdparty/asterisk.git/commitdiff
Update for certified-20.7-cert4 certified-20.7-cert4
author Asterisk Development Team <asteriskteam@digium.com>
Thu, 9 Jan 2025 20:22:10 +0000 (20:22 +0000)
committer Asterisk Development Team <asteriskteam@digium.com>
Thu, 9 Jan 2025 20:22:10 +0000 (20:22 +0000)
.version
CHANGES.md
ChangeLogs/ChangeLog-certified-20.7-cert4.md [new file with mode: 0644]

index e4e57fc7b7ac2498117dbedf54ed586b5c0f4bf3..3ae74c7497f5b83bd2c1786f8802b9606bf481ff 100644 (file)
--- a/.version
+++ b/.version
@@ -1 +1 @@
-certified-20.7-cert3
+certified-20.7-cert4
index 75a1486c0d554ee79cfcb6022b7cb86f441216ef..00e01eb02b826479de4370e71d9e4d6b685e0f7b 120000 (symlink)
@@ -1 +1 @@
-ChangeLogs/ChangeLog-certified-20.7-cert3.md
\ No newline at end of file
+ChangeLogs/ChangeLog-certified-20.7-cert4.md
\ No newline at end of file
diff --git a/ChangeLogs/ChangeLog-certified-20.7-cert4.md b/ChangeLogs/ChangeLog-certified-20.7-cert4.md
new file mode 100644 (file)
index 0000000..8a23244
--- /dev/null
@@ -0,0 +1,65 @@
+
+## Change Log for Release asterisk-certified-20.7-cert4
+
+### Links:
+
+ - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-20.7-cert4.md)  
+ - [GitHub Diff](https://github.com/asterisk/asterisk/compare/certified-20.7-cert3...certified-20.7-cert4)  
+ - [Tarball](https://downloads.asterisk.org/pub/telephony/certified-asterisk/asterisk-certified-20.7-cert4.tar.gz)  
+ - [Downloads](https://downloads.asterisk.org/pub/telephony/certified-asterisk)  
+
+### Summary:
+
+- Commits: 1
+- Commit Authors: 1
+- Issues Resolved: 0
+- Security Advisories Resolved: 1
+  - [GHSA-33x6-fj46-6rfh](https://github.com/asterisk/asterisk/security/advisories/GHSA-33x6-fj46-6rfh): Path traversal via AMI ListCategories allows access to outside files
+
+### User Notes:
+
+- #### manager.c: Restrict ListCategories to the configuration directory.              
+  The ListCategories AMI action now restricts files to the
+  configured configuration directory.
+
+
+### Upgrade Notes:
+
+
+### Commit Authors:
+
+- Ben Ford: (1)
+
+## Issue and Commit Detail:
+
+### Closed Issues:
+
+  - !GHSA-33x6-fj46-6rfh: Path traversal via AMI ListCategories allows access to outside files
+
+### Commits By Author:
+
+- #### Ben Ford (1):
+  - manager.c: Restrict ListCategories to the configuration directory.
+
+
+### Commit List:
+
+-  manager.c: Restrict ListCategories to the configuration directory.
+
+### Commit Details:
+
+#### manager.c: Restrict ListCategories to the configuration directory.
+  Author: Ben Ford
+  Date:   2024-12-17
+
+  When using the ListCategories AMI action, it was possible to traverse
+  upwards through the directories to files outside of the configured
+  configuration directory. This action is now restricted to the configured
+  directory and an error will now be returned if the specified file is
+  outside of this limitation.
+
+  Resolves: #GHSA-33x6-fj46-6rfh
+
+  UserNote: The ListCategories AMI action now restricts files to the
+  configured configuration directory.
+
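Review bot: The "### Upgrade Notes:" section is empty, yet the commit detail further down says ListCategories now returns an error when the specified file is outside the configured configuration directory, which changes behaviour for any AMI client that passed such a path before. Consider adding an upgrade note that says so and names the error response clients should expect, since neither the user note nor the commit message states what is returned. The "- #### manager.c: Restrict ListCategories to the configuration directory." heading under User Notes also carries a run of trailing spaces that could be trimmed.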