Commit 4fb281db authored by Peter Korsgaard's avatar Peter Korsgaard
Browse files

asterisk: security bump to version 14.7.5

Fixes the following security issues:

* AST-2017-014: Crash in PJSIP resource when missing a contact header A
  select set of SIP messages create a dialog in Asterisk.  Those SIP
  messages must contain a contact header.  For those messages, if the header
  was not present and using the PJSIP channel driver, it would cause
  Asterisk to crash.  The severity of this vulnerability is somewhat
  mitigated if authentication is enabled.  If authentication is enabled a
  user would have to first be authorized before reaching the crash point.

For more details, see the announcement:
https://www.asterisk.org/downloads/asterisk-news/asterisk-13185-1475-1515-and-1318-cert2-now-available-security

Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
Signed-off-by: default avatarThomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 4f13dc362d5c9c63fb5a21ede7cf902c1281cef0)
Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
parent 7b436600
# Locally computed
sha256 f85f6df802de485d9b8cb1bfa5493e22f6401dce8246646af9506489a264d7b1 asterisk-14.6.2.tar.gz
sha256 6525170fa16fecb08cb3cde2c1bd5d3140df55b14e4561ac0771fbd1e04b3b75 asterisk-14.7.5.tar.gz
# sha1 from: http://downloads.asterisk.org/pub/telephony/sounds/releases
# sha256 locally computed
......
......@@ -4,7 +4,7 @@
#
################################################################################
ASTERISK_VERSION = 14.6.2
ASTERISK_VERSION = 14.7.5
# Use the github mirror: it's an official mirror maintained by Digium, and
# provides tarballs, which the main Asterisk git tree (behind Gerrit) does not.
ASTERISK_SITE = $(call github,asterisk,asterisk,$(ASTERISK_VERSION))
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment