From 211d2836de28a51a91c1cb27f1ab16eba05c9b51 Mon Sep 17 00:00:00 2001 From: kharwell Date: Wed, 3 Feb 2016 16:33:58 -0500 Subject: [PATCH] ChangeLog: Updated for 13.7.1 --- ChangeLog | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8620e25733..a0d551f2ab 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,72 @@ +2016-02-03 21:33 +0000 Asterisk Development Team + + * asterisk 13.7.1 Released. + +2016-02-03 15:33 +0000 [d99d10bd4c] Kevin Harwell + + * Release summaries: Remove previous versions + +2016-02-03 15:33 +0000 [e937a6db11] Kevin Harwell + + * .version: Update for 13.7.1 + +2016-02-03 15:33 +0000 [30a6826f1e] Kevin Harwell + + * .lastclean: Update for 13.7.1 + +2016-02-03 15:33 +0000 [1c79fa7eb8] Kevin Harwell + + * realtime: Add database scripts for 13.7.1 + +2016-02-03 12:05 +0000 [1e7854dfa2] Joshua Colp + + * AST-2016-001 http: Provide greater control of TLS and set modern defaults. + + This change exposes the configuration of various aspects of the TLS + support and sets the default to the modern standards. + + The TLS cipher is now set to the best values according to the + Mozilla OpSec team, different TLS versions can now be disabled, and + the cipher order can be forced to be that of the server instead of + the client. + + ASTERISK-24972 #close + + Change-Id: I0a10f2883f7559af5e48dee0901251dbf30d45b8 +2015-12-07 12:46 +0000 [b0646ff0da] Richard Mudgett + + * AST-2016-003 udptl.c: Fix uninitialized values. + + Sending UDPTL packets to Asterisk with the right amount of missing + sequence numbers and enough redundant 0-length IFP packets, can make + Asterisk crash. + + ASTERISK-25603 #close + Reported by: Walter Doekes + + ASTERISK-25742 #close + Reported by: Torrey Searle + + Change-Id: I97df8375041be986f3f266ac1946a538023a5255 +2015-09-28 17:07 +0000 [f08083f0f0] Richard Mudgett + + * AST-2016-002 chan_sip.c: Fix retransmission timeout integer overflow. + + Setting the sip.conf timert1 value to a value higher than 1245 can cause + an integer overflow and result in large retransmit timeout times. These + large timeout times hold system file descriptors hostage and can cause the + system to run out of file descriptors. + + NOTE: The default sip.conf timert1 value is 500 which does not expose the + vulnerability. + + * The overflow is now detected and the previous timeout time is + calculated. + + ASTERISK-25397 #close + Reported by: Alexander Traud + + Change-Id: Ia7231f2f415af1cbf90b923e001b9219cff46290 2016-01-15 19:01 +0000 Asterisk Development Team * asterisk 13.7.0 Released. -- 2.47.3