git.ipfire.org Git - thirdparty/asterisk.git/commit

author	Mark Michelson <mmichelson@digium.com>
	Wed, 28 Jan 2015 17:24:30 +0000 (17:24 +0000)
committer	Mark Michelson <mmichelson@digium.com>
	Wed, 28 Jan 2015 17:24:30 +0000 (17:24 +0000)
commit	dd09f40e868149e81cb3bc74e3e37402c53f1a27
tree	9d1242813a2c2427024ab81c70f6d20948539168	tree
parent	e61444373cd1ee758a4c8f495b5428b487744b57	commit \| diff

Multiple revisions 431297-431298

........
  r431297 | mmichelson | 2015-01-28 11:05:26 -0600 (Wed, 28 Jan 2015) | 17 lines

  Mitigate possible HTTP injection attacks using CURL() function in Asterisk.

  CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request injection
  can be performed given properly-crafted URLs.

  Since Asterisk makes use of libcURL, and it is possible that users of Asterisk may
  get cURL URLs from user input or remote sources, we have made a patch to Asterisk
  to prevent such HTTP injection attacks from originating from Asterisk.

  ASTERISK-24676 #close
  Reported by Matt Jordan

  Review: https://reviewboard.asterisk.org/r/4364

  AST-2015-002
........
  r431298 | mmichelson | 2015-01-28 11:12:49 -0600 (Wed, 28 Jan 2015) | 3 lines

  Fix compilation error from previous patch.
........

Merged revisions 431297-431298 from http://svn.asterisk.org/svn/asterisk/branches/11

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/12@431299 65c4cc65-6c06-0410-ace0-fbb531ad65f3