16.15.0
\ No newline at end of file
16.15.1
\ No newline at end of file
2020-12-22 21:02 +0000 Asterisk Development Team <asteriskteam@digium.com>
* asterisk 16.15.1 Released.
2020-12-22 15:02 +0000 [49fbd57889] Asterisk Development Team <asteriskteam@digium.com>
* Update for 16.15.1
2020-12-22 02:58 +0000 [354049e055] Torrey Searle <tsearle@voxbone.com>
* res/res_pjsip_diversion: prevent crash on tel: uri in History-Info
Add a check to see if the URI is a Tel URI and prevent crashing on
trying to retrieve the reason parameter.
ASTERISK-29191
ASTERISK-29219
Change-Id: I0320aa205f22cda511d60a2edf2b037e8fd6cc37
2020-11-19 12:34 +0000 Asterisk Development Team <asteriskteam@digium.com>
 
* asterisk 16.15.0 Released.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-16.15.1</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-16.15.1</h3><h3 align="center">Date: 2020-12-22</h3><h3 align="center">&lt;asteriskteam@digium.com&gt;</h3><hr><h2 align="center">Table of Contents</h2><ol>
<li><a href="#summary">Summary</a></li>
<li><a href="#contributors">Contributors</a></li>
<li><a href="#open_issues">Open Issues</a></li>
<li><a href="#commits">Other Changes</a></li>
<li><a href="#diffstat">Diffstat</a></li>
</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
<li><a href="http://downloads.asterisk.org/pub/security/AST-2020-003,AST-2020-004.html">AST-2020-003,AST-2020-004</a></li>
</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-16.15.0.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
<tr valign="top"><td width="33%">1 Torrey Searle <tsearle@voxbone.com><br/>1 Asterisk Development Team <asteriskteam@digium.com><br/></td><td width="33%"><td width="33%">1 Mikhail Ivanov <mivanov@lanta-net.ru><br/>1 Torrey Searle <tsearle@gmail.com><br/></td></tr>
</table><hr><a name="open_issues"><h2 align="center">Open Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all open issues from the issue tracker that were referenced by changes that went into this release.</p><h3>Security</h3><h4>Category: Resources/res_pjsip_diversion</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29219">ASTERISK-29219</a>: res_pjsip_diversion: Crash if Tel URI contains History-Info<br/>Reported by: Torrey Searle<ul>
<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=354049e055a2c0162d510f2c75d1580f80d0d6e6">[354049e055]</a> Torrey Searle -- res/res_pjsip_diversion: prevent crash on tel: uri in History-Info</li>
</ul><br><h3>Bug</h3><h4>Category: Resources/res_pjsip_diversion</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29191">ASTERISK-29191</a>: tel: URI in Diversion header causes crash<br/>Reported by: Mikhail Ivanov<ul>
<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=354049e055a2c0162d510f2c75d1580f80d0d6e6">[354049e055]</a> Torrey Searle -- res/res_pjsip_diversion: prevent crash on tel: uri in History-Info</li>
</ul><br><h4>Category: pjproject/pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29191">ASTERISK-29191</a>: tel: URI in Diversion header causes crash<br/>Reported by: Mikhail Ivanov<ul>
<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=354049e055a2c0162d510f2c75d1580f80d0d6e6">[354049e055]</a> Torrey Searle -- res/res_pjsip_diversion: prevent crash on tel: uri in History-Info</li>
</ul><br><hr><a name="commits"><h2 align="center">Commits Not Associated with an Issue</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all changes that went into this release that did not reference a JIRA issue.</p><table width="100%" border="1">
<tr><th>Revision</th><th>Author</th><th>Summary</th></tr>
<tr><td><a href="https://code.asterisk.org/code/changelog/asterisk?cs=49fbd5788924f4d3d05165194b380ade69cacafb">49fbd57889</a></td><td>Asterisk Development Team</td><td>Update for 16.15.1</td></tr>
</table><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>asterisk-16.15.0-summary.html | 213 ---------------
asterisk-16.15.0-summary.txt | 543 ----------------------------------------
b/.version | 2
b/ChangeLog | 16 +
b/asterisk-16.15.1-summary.html | 17 +
b/asterisk-16.15.1-summary.txt | 47 +++
6 files changed, 81 insertions(+), 757 deletions(-)</pre><br></html>
\ No newline at end of file
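Review bot: The generated summary HTML is not well-formed in the Contributors table row: the Testers cell opens with `<td width="33%">` and is never closed before the Reporters cell, and the e-mail addresses in that row (`<tsearle@voxbone.com>`, `<mivanov@lanta-net.ru>`) are not escaped, although the header line uses `&lt;asteriskteam@digium.com&gt;`. A browser will treat the unescaped addresses as unknown tags and hide them, so the generator should escape them and close the empty cell. The DOCTYPE line is also missing the opening quote before the DTD URL.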
Release Summary
asterisk-16.15.1
Date: 2020-12-22
<asteriskteam@digium.com>
----------------------------------------------------------------------
Table of Contents
1. Summary
2. Contributors
3. Open Issues
4. Other Changes
5. Diffstat
----------------------------------------------------------------------
Summary
[Back to Top]
This release has been made to address one or more security vulnerabilities
that have been identified. A security advisory document has been published
for each vulnerability that includes additional information. Users of
versions of Asterisk that are affected are strongly encouraged to review
the advisories and determine what action they should take to protect their
systems from these issues.
Security Advisories:
* AST-2020-003,AST-2020-004
The data in this summary reflects changes that have been made since the
previous release, asterisk-16.15.0.
----------------------------------------------------------------------
Contributors
[Back to Top]
This table lists the people who have submitted code, those that have
tested patches, as well as those that reported issues on the issue tracker
that were resolved in this release. For coders, the number is how many of
their patches (of any size) were committed into this release. For testers,
the number is the number of times their name was listed as assisting with
testing a patch. Finally, for reporters, the number is the number of
issues that they reported that were affected by commits that went into
this release.
Coders Testers Reporters
1 Torrey Searle 1 Mikhail Ivanov
1 Asterisk Development Team 1 Torrey Searle
----------------------------------------------------------------------
Open Issues
[Back to Top]
This is a list of all open issues from the issue tracker that were
referenced by changes that went into this release.
Security
Category: Resources/res_pjsip_diversion
ASTERISK-29219: res_pjsip_diversion: Crash if Tel URI contains
History-Info
Reported by: Torrey Searle
* [354049e055] Torrey Searle -- res/res_pjsip_diversion: prevent crash
on tel: uri in History-Info
Bug
Category: Resources/res_pjsip_diversion
ASTERISK-29191: tel: URI in Diversion header causes crash
Reported by: Mikhail Ivanov
* [354049e055] Torrey Searle -- res/res_pjsip_diversion: prevent crash
on tel: uri in History-Info
Category: pjproject/pjsip
ASTERISK-29191: tel: URI in Diversion header causes crash
Reported by: Mikhail Ivanov
* [354049e055] Torrey Searle -- res/res_pjsip_diversion: prevent crash
on tel: uri in History-Info
----------------------------------------------------------------------
Commits Not Associated with an Issue
[Back to Top]
This is a list of all changes that went into this release that did not
reference a JIRA issue.
+------------------------------------------------------------------------+
| Revision | Author | Summary |
|----------------+-------------------------------+-----------------------|
| 49fbd57889 | Asterisk Development Team | Update for 16.15.1 |
+------------------------------------------------------------------------+
----------------------------------------------------------------------
Diffstat Results
[Back to Top]
This is a summary of the changes to the source code that went into this
release that was generated using the diffstat utility.
asterisk-16.15.0-summary.html | 213 ---------------
asterisk-16.15.0-summary.txt | 543 ----------------------------------------
b/.version | 2
b/ChangeLog | 16 +
b/asterisk-16.15.1-summary.html | 17 +
b/asterisk-16.15.1-summary.txt | 47 +++
6 files changed, 81 insertions(+), 757 deletions(-)
asterisk (1:16.15.1~dfsg-1) unstable; urgency=medium
* New upstream version 16.15.1~dfsg
- CVE-2020-35652 / AST-2020-003 + AST-2020-004 (Closes: #979372)
Remote crash in res_pjsip_diversion
-- Bernhard Schmidt <berni@debian.org> Sun, 17 Jan 2021 15:56:22 +0100
asterisk (1:16.15.0~dfsg-1) unstable; urgency=medium
* New upstream version 16.15.0~dfsg. fixes to CVEs
......
......@@ -314,8 +314,14 @@ static void set_redirecting_reason_by_cause(pjsip_name_addr *name_addr,
{
static const pj_str_t cause_name = { "cause", 5 };
pjsip_sip_uri *uri = pjsip_uri_get_uri(name_addr);
pjsip_param *cause = pjsip_param_find(&uri->other_param, &cause_name);
unsigned long cause_value;
pjsip_param *cause = NULL;
unsigned long cause_value = 0;
if (!PJSIP_URI_SCHEME_IS_SIP(uri) && !PJSIP_URI_SCHEME_IS_SIPS(uri)) {
return;
}
cause = pjsip_param_find(&uri->other_param, &cause_name);
if (!cause) {
return;
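Review bot: The scheme guard in set_redirecting_reason_by_cause runs only after the result of `pjsip_uri_get_uri(name_addr)` has been stored in a `pjsip_sip_uri *uri`, so for a tel: URI the variable briefly holds a pointer of the wrong type. Nothing dereferences it before the `PJSIP_URI_SCHEME_IS_SIP` / `PJSIP_URI_SCHEME_IS_SIPS` check, so the crash path is closed, but holding the result in an untyped pointer until the scheme is confirmed would keep a later edit from reintroducing a `uri->other_param` access above the guard. The early `return` is also silent; a debug log line there would show when a non-SIP URI was skipped. It is worth confirming that other helpers given the same `pjsip_name_addr`, such as `set_redirecting_id` in the next hunk, make the same scheme check before treating the URI as a SIP URI, since these lines do not show it.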
......@@ -377,6 +383,7 @@ static void set_redirecting(struct ast_sip_session *session,
ast_party_redirecting_init(&data);
memset(&update, 0, sizeof(update));
data.reason.code = AST_REDIRECTING_REASON_UNKNOWN;
if (from_info) {
set_redirecting_id((pjsip_name_addr*)from_info->uri,
&data.from, &update.from);
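Review bot: The default `data.reason.code = AST_REDIRECTING_REASON_UNKNOWN;` in set_redirecting carries no comment explaining why it is set at this point. It appears to pair with the early return added in set_redirecting_reason_by_cause, which can now leave the reason untouched for a tel: URI; a one-line comment saying so would keep the assignment from being dropped later as redundant after `ast_party_redirecting_init(&data)`. The hunk header (6 lines before, 7 after) indicates a single added line, and this is presumably it.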
......