ChangeLog: Updated for 13.7.1

diff --git a/ChangeLog b/ChangeLog
index 8620e257330aefcd2f154926520f94ef03edb578..a0d551f2ab7b666981b028a3682af7dcca89b766 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,72 @@
+2016-02-03 21:33 +0000  Asterisk Development Team <asteriskteam@digium.com>
+
+       * asterisk 13.7.1 Released.
+
+2016-02-03 15:33 +0000 [d99d10bd4c]  Kevin Harwell <kharwell@lunkwill.digium.internal>
+
+       * Release summaries: Remove previous versions
+
+2016-02-03 15:33 +0000 [e937a6db11]  Kevin Harwell <kharwell@lunkwill>
+
+       * .version: Update for 13.7.1
+
+2016-02-03 15:33 +0000 [30a6826f1e]  Kevin Harwell <kharwell@lunkwill>
+
+       * .lastclean: Update for 13.7.1
+
+2016-02-03 15:33 +0000 [1c79fa7eb8]  Kevin Harwell <kharwell@lunkwill>
+
+       * realtime: Add database scripts for 13.7.1
+
+2016-02-03 12:05 +0000 [1e7854dfa2]  Joshua Colp <jcolp@digium.com>
+
+       * AST-2016-001 http: Provide greater control of TLS and set modern defaults.
+
+         This change exposes the configuration of various aspects of the TLS
+         support and sets the default to the modern standards.
+
+         The TLS cipher is now set to the best values according to the
+         Mozilla OpSec team, different TLS versions can now be disabled, and
+         the cipher order can be forced to be that of the server instead of
+         the client.
+
+         ASTERISK-24972 #close
+
+         Change-Id: I0a10f2883f7559af5e48dee0901251dbf30d45b8
+2015-12-07 12:46 +0000 [b0646ff0da]  Richard Mudgett <rmudgett@digium.com>
+
+       * AST-2016-003 udptl.c: Fix uninitialized values.
+
+         Sending UDPTL packets to Asterisk with the right amount of missing
+         sequence numbers and enough redundant 0-length IFP packets, can make
+         Asterisk crash.
+
+         ASTERISK-25603 #close
+         Reported by: Walter Doekes
+
+         ASTERISK-25742 #close
+         Reported by: Torrey Searle
+
+         Change-Id: I97df8375041be986f3f266ac1946a538023a5255
+2015-09-28 17:07 +0000 [f08083f0f0]  Richard Mudgett <rmudgett@digium.com>
+
+       * AST-2016-002 chan_sip.c: Fix retransmission timeout integer overflow.
+
+         Setting the sip.conf timert1 value to a value higher than 1245 can cause
+         an integer overflow and result in large retransmit timeout times.  These
+         large timeout times hold system file descriptors hostage and can cause the
+         system to run out of file descriptors.
+
+         NOTE: The default sip.conf timert1 value is 500 which does not expose the
+         vulnerability.
+
+         * The overflow is now detected and the previous timeout time is
+         calculated.
+
+         ASTERISK-25397 #close
+         Reported by: Alexander Traud
+
+         Change-Id: Ia7231f2f415af1cbf90b923e001b9219cff46290
 2016-01-15 19:01 +0000  Asterisk Development Team <asteriskteam@digium.com>
 
        * asterisk 13.7.0 Released.