+2019-09-05 13:09 +0000 Asterisk Development Team <asteriskteam@digium.com>
+
+ * asterisk 15.7.4 Released.
+
+2019-08-20 15:05 +0000 [b49f09a292] Alexei Gradinari <alex2grad@gmail.com> (license 5691)
+
+ * AST-2019-004 - res_pjsip_t38.c: Add NULL checks before using session media
+
+ After receiving a 200 OK with a declined stream in response to a T.38
+ initiated re-invite Asterisk would crash when attempting to dereference
+ a NULL session media object.
+
+ This patch checks to make sure the session media object is not NULL before
+ attempting to use it.
+
+ ASTERISK-28495
+ patches:
+ ast-2019-004.patch submitted by Alexei Gradinari (license 5691)
+
+ Change-Id: I168f45f4da29cfe739acf87e597baa2aae7aa572
+
2019-07-11 19:22 +0000 Asterisk Development Team <asteriskteam@digium.com>
* asterisk 15.7.3 Released.
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-15.7.
3</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-15.7.3</h3><h3 align="center">Date: 2019-07-11</h3><h3 align="center"><asteriskteam@digium.com></h3><hr><h2 align="center">Table of Contents</h2><ol>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-15.7.
4</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-15.7.4</h3><h3 align="center">Date: 2019-09-05</h3><h3 align="center"><asteriskteam@digium.com></h3><hr><h2 align="center">Table of Contents</h2><ol>
<li><a href="#summary">Summary</a></li>
<li><a href="#contributors">Contributors</a></li>
<li><a href="#closed_issues">Closed Issues</a></li>
<li><a href="#diffstat">Diffstat</a></li>
</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
-<li><a href="http://downloads.asterisk.org/pub/security/AST-2019-002,AST-2019-003.html">AST-2019-002,AST-2019-003</a></li>
-</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-15.7.
2.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
+<li><a href="http://downloads.asterisk.org/pub/security/AST-2019-004.html">AST-2019-004</a></li>
+</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-15.7.
3.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
-<tr valign="top"><td width="33%">1 Francesco Castellano <francesco.castellano@messagenet.it><br/>1 George Joseph <gjoseph@digium.com><br/></td><td width="33%"><td width="33%">1 Gil Richard<br/>1 Gil Richard <grichard@intertalksystems.com><br/>1 Francesco Castellano <francesco.castellano@messagenet.it><br/></td></tr>
-</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Security</h3><h4>Category: Channels/chan_sip/Interoperability</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-28465">ASTERISK-28465</a>: Broken SDP can cause a segfault in a T.38 reINVITE<br/>Reported by: Francesco Castellano<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=74835b30c8263898b577d17774c9c71514d20955">[74835b30c8]</a> Francesco Castellano -- chan_sip: Handle invalid SDP answer to T.38 re-invite</li>
-</ul><br><h4>Category: Resources/res_pjsip_messaging</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-28447">ASTERISK-28447</a>: res_pjsip_messaging: In-dialog MESSAGE with no body causes crash<br/>Reported by: Gil Richard<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=08cf3516c48d2c5ef510d3deb7afa0f637dd875e">[08cf3516c4]</a> George Joseph -- res_pjsip_messaging: Check for body in in-dialog message</li>
-</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>0 files changed</pre><br></html>
\ No newline at end of file
+<tr valign="top"><td width="33%">1 Alexei Gradinari <alex2grad@gmail.com> (license 5691)<br/></td><td width="33%"><td width="33%">1 Alexei Gradinari <alex2grad@gmail.com><br/></td></tr>
+</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Security</h3><h4>Category: Resources/res_pjsip_t38</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-28495">ASTERISK-28495</a>: res_pjsip_t38: 200 OK with SDP answer with declined stream causes crash<br/>Reported by: Alexei Gradinari<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=b49f09a2929ff77e0fc08ef02238b5bc917aab08">[b49f09a292]</a> Alexei Gradinari -- AST-2019-004 - res_pjsip_t38.c: Add NULL checks before using session media</li>
+</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>res_pjsip_t38.c | 46 +++++++++++++++++++++++++---------------------
+1 file changed, 25 insertions(+), 21 deletions(-)</pre><br></html>
\ No newline at end of file
Release Summary
- asterisk-15.7.3
+ asterisk-15.7.4
- Date: 2019-07-11
+ Date: 2019-09-05
<asteriskteam@digium.com>
Security Advisories:
- * AST-2019-002,AST-2019-003
+ * AST-2019-004
The data in this summary reflects changes that have been made since the
- previous release, asterisk-15.7.2.
+ previous release, asterisk-15.7.3.
----------------------------------------------------------------------
issues that they reported that were affected by commits that went into
this release.
- Coders Testers Reporters
- 1 Francesco Castellano 1 Gil Richard
- 1 George Joseph 1 Gil Richard
- 1 Francesco Castellano
+ Coders Testers Reporters
+ 1 Alexei Gradinari (license 5691) 1 Alexei Gradinari
----------------------------------------------------------------------
Security
- Category: Channels/chan_sip/Interoperability
+ Category: Resources/res_pjsip_t38
- ASTERISK-28465: Broken SDP can cause a segfault in a T.38 reINVITE
- Reported by: Francesco Castellano
- * [74835b30c8] Francesco Castellano -- chan_sip: Handle invalid SDP
- answer to T.38 re-invite
-
- Category: Resources/res_pjsip_messaging
-
- ASTERISK-28447: res_pjsip_messaging: In-dialog MESSAGE with no body causes
- crash
- Reported by: Gil Richard
- * [08cf3516c4] George Joseph -- res_pjsip_messaging: Check for body in
- in-dialog message
+ ASTERISK-28495: res_pjsip_t38: 200 OK with SDP answer with declined stream
+ causes crash
+ Reported by: Alexei Gradinari
+ * [b49f09a292] Alexei Gradinari -- AST-2019-004 - res_pjsip_t38.c: Add
+ NULL checks before using session media
----------------------------------------------------------------------
This is a summary of the changes to the source code that went into this
release that was generated using the diffstat utility.
- 0 files changed
+ res_pjsip_t38.c | 46 +++++++++++++++++++++++++---------------------
+ 1 file changed, 25 insertions(+), 21 deletions(-)
projects / thirdparty / asterisk.git / commitdiff
