-
Peter Korsgaard authored
Fixes the following security issues: * AST-2017-014: Crash in PJSIP resource when missing a contact header A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and using the PJSIP channel driver, it would cause Asterisk to crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled a user would have to first be authorized before reaching the crash point. For more details, see the announcement: https://www.asterisk.org/downloads/asterisk-news/asterisk-13185-1475-1515-and-1318-cert2-now-available-security Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> (cherry picked from commit 4f13dc362d5c9c63fb5a21ede7cf902c1281cef0) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
4fb281db