-14.7.4
\ No newline at end of file
+14.7.5
\ No newline at end of file
+2017-12-22 22:26 +0000 Asterisk Development Team <asteriskteam@digium.com>
+
+ * asterisk 14.7.5 Released.
+
+2017-12-20 16:17 +0000 [ad5323acfa] Kevin Harwell <kharwell@digium.com>
+
+ * AST-2017-014: res_pjsip - Missing contact header can cause crash
+
+ Those SIP messages that create dialogs require a contact header to be present.
+ If the contact header was missing from the message it could cause Asterisk to
+ crash.
+
+ This patch checks to make sure SIP messages that create a dialog contain the
+ contact header. If the message does not and it is required Asterisk now returns
+ a "400 Missing Contact header" response. Also added NULL checks when retrieving
+ the contact header that were missing as a "just in case".
+
+ ASTERISK-27480 #close
+
+ Change-Id: I1810db87683fc637a9e3e1384a746037fec20afe
+ (cherry picked from commit f6757b1d60512e91e60f808a772d9681cbe65dee)
+
2017-12-13 14:33 +0000 Asterisk Development Team <asteriskteam@digium.com>
* asterisk 14.7.4 Released.
+++ /dev/null
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-14.7.4</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-14.7.4</h3><h3 align="center">Date: 2017-12-13</h3><h3 align="center"><asteriskteam@digium.com></h3><hr><h2 align="center">Table of Contents</h2><ol>
-<li><a href="#summary">Summary</a></li>
-<li><a href="#contributors">Contributors</a></li>
-<li><a href="#closed_issues">Closed Issues</a></li>
-<li><a href="#diffstat">Diffstat</a></li>
-</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
-<li><a href="http://downloads.asterisk.org/pub/security/AST-2017-012.html">AST-2017-012</a></li>
-</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-14.7.3.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
-<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
-<tr valign="top"><td width="33%">1 Joshua Colp <jcolp@digium.com><br/></td><td width="33%"><td width="33%">1 Tzafrir Cohen <tzafrir.cohen@xorcom.com><br/>1 Vitezslav Novy <a1@vnovy.net><br/></td></tr>
-</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Bug</h3><h4>Category: General</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27382">ASTERISK-27382</a>: crash after an invalid rtcp packet from GT48 FXS gateway<br/>Reported by: Tzafrir Cohen<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=dee00fd80b697e3a704bb6964ee8e4b7e9ea52bd">[dee00fd80b]</a> Joshua Colp -- AST-2017-012: Place single RTCP report block at beginning of report.</li>
-</ul><br><h4>Category: Resources/res_rtp_asterisk</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27429">ASTERISK-27429</a>: res_rtp_asterisk: Multiple reports in an RTCP packet will write past where it should<br/>Reported by: Vitezslav Novy<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=dee00fd80b697e3a704bb6964ee8e4b7e9ea52bd">[dee00fd80b]</a> Joshua Colp -- AST-2017-012: Place single RTCP report block at beginning of report.</li>
-</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>0 files changed</pre><br></html>
\ No newline at end of file
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-14.7.5</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-14.7.5</h3><h3 align="center">Date: 2017-12-22</h3><h3 align="center"><asteriskteam@digium.com></h3><hr><h2 align="center">Table of Contents</h2><ol>
+<li><a href="#summary">Summary</a></li>
+<li><a href="#contributors">Contributors</a></li>
+<li><a href="#closed_issues">Closed Issues</a></li>
+<li><a href="#diffstat">Diffstat</a></li>
+</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release is a point release of an existing major version. The changes included were made to address problems that have been identified in this release series, or are minor, backwards compatible new features or improvements. Users should be able to safely upgrade to this version if this release series is already in use. Users considering upgrading from a previous version are strongly encouraged to review the UPGRADE.txt document as well as the CHANGES document for information about upgrading to this release series.</p><p>The data in this summary reflects changes that have been made since the previous release, asterisk-14.7.4.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
+<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
+<tr valign="top"><td width="33%">1 Kevin Harwell <kharwell@digium.com><br/></td><td width="33%"><td width="33%">1 Ross Beer <ross.beer@voicehost.co.uk><br/></td></tr>
+</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Bug</h3><h4>Category: Channels/chan_pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27480">ASTERISK-27480</a>: Security: Authenticated SUBSCRIBE without Contact crashes asterisk<br/>Reported by: Ross Beer<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=ad5323acfabfe45bc9688e6d1b6ba13085f9f9b9">[ad5323acfa]</a> Kevin Harwell -- AST-2017-014: res_pjsip - Missing contact header can cause crash</li>
+</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>0 files changed</pre><br></html>
\ No newline at end of file
Release Summary
- asterisk-14.7.4
+ asterisk-14.7.5
- Date: 2017-12-13
+ Date: 2017-12-22
<asteriskteam@digium.com>
[Back to Top]
- This release has been made to address one or more security vulnerabilities
- that have been identified. A security advisory document has been published
- for each vulnerability that includes additional information. Users of
- versions of Asterisk that are affected are strongly encouraged to review
- the advisories and determine what action they should take to protect their
- systems from these issues.
-
- Security Advisories:
-
- * AST-2017-012
+ This release is a point release of an existing major version. The changes
+ included were made to address problems that have been identified in this
+ release series, or are minor, backwards compatible new features or
+ improvements. Users should be able to safely upgrade to this version if
+ this release series is already in use. Users considering upgrading from a
+ previous version are strongly encouraged to review the UPGRADE.txt
+ document as well as the CHANGES document for information about upgrading
+ to this release series.
The data in this summary reflects changes that have been made since the
- previous release, asterisk-14.7.3.
+ previous release, asterisk-14.7.4.
----------------------------------------------------------------------
this release.
Coders Testers Reporters
- 1 Joshua Colp 1 Tzafrir Cohen
- 1 Vitezslav Novy
+ 1 Kevin Harwell 1 Ross Beer
----------------------------------------------------------------------
Bug
- Category: General
-
- ASTERISK-27382: crash after an invalid rtcp packet from GT48 FXS gateway
- Reported by: Tzafrir Cohen
- * [dee00fd80b] Joshua Colp -- AST-2017-012: Place single RTCP report
- block at beginning of report.
-
- Category: Resources/res_rtp_asterisk
+ Category: Channels/chan_pjsip
- ASTERISK-27429: res_rtp_asterisk: Multiple reports in an RTCP packet will
- write past where it should
- Reported by: Vitezslav Novy
- * [dee00fd80b] Joshua Colp -- AST-2017-012: Place single RTCP report
- block at beginning of report.
+ ASTERISK-27480: Security: Authenticated SUBSCRIBE without Contact crashes
+ asterisk
+ Reported by: Ross Beer
+ * [ad5323acfa] Kevin Harwell -- AST-2017-014: res_pjsip - Missing
+ contact header can cause crash
----------------------------------------------------------------------
projects / thirdparty / asterisk.git / commitdiff
