mirror of https://github.com/asterisk/asterisk
Release Summary

asterisk-certified/11.6-cert17

Date: 2017-08-31

<asteriskteam@digium.com>

----------------------------------------------------------------------

Table of Contents

1. Summary
2. Contributors
3. Closed Issues
4. Diffstat

----------------------------------------------------------------------

Summary

This release has been made to address one or more security vulnerabilities
that have been identified. A security advisory document has been published
for each vulnerability that includes additional information. Users of
versions of Asterisk that are affected are strongly encouraged to review
the advisories and determine what action they should take to protect their
systems from these issues.

Security Advisories:

* AST-2017-005, AST-2017-006

The data in this summary reflects changes that have been made since the
previous release, asterisk-certified/11.6-cert16.

----------------------------------------------------------------------

Contributors

This table lists the people who have submitted code, those that have
tested patches, as well as those that reported issues on the issue tracker
that were resolved in this release. For coders, the number is how many of
their patches (of any size) were committed into this release. For testers,
the number is the number of times their name was listed as assisting with
testing a patch. Finally, for reporters, the number is the number of
issues that they reported that were affected by commits that went into
this release.

Coders                   Testers                  Reporters
1 Corey Farrell                                   1 Joshua Colp
1 Joshua Colp                                     1 Corey Farrell

----------------------------------------------------------------------

Closed Issues

This is a list of all issues from the issue tracker that were closed by
changes that went into this release.

Bug

Category: Applications/app_minivm

ASTERISK-27103: core: ast_safe_system command injection possible.
Reported by: Corey Farrell
* [4c4e7303a8] Corey Farrell -- AST-2017-006: Fix app_minivm application
  MinivmNotify command injection

Category: Applications/app_mixmonitor

ASTERISK-27103: core: ast_safe_system command injection possible.
Reported by: Corey Farrell
* [4c4e7303a8] Corey Farrell -- AST-2017-006: Fix app_minivm application
  MinivmNotify command injection

Category: Applications/app_system

ASTERISK-27103: core: ast_safe_system command injection possible.
Reported by: Corey Farrell
* [4c4e7303a8] Corey Farrell -- AST-2017-006: Fix app_minivm application
  MinivmNotify command injection

Category: Applications/app_voicemail

ASTERISK-27103: core: ast_safe_system command injection possible.
Reported by: Corey Farrell
* [4c4e7303a8] Corey Farrell -- AST-2017-006: Fix app_minivm application
  MinivmNotify command injection

Category: Channels/chan_dahdi

ASTERISK-27103: core: ast_safe_system command injection possible.
Reported by: Corey Farrell
* [4c4e7303a8] Corey Farrell -- AST-2017-006: Fix app_minivm application
  MinivmNotify command injection

Category: Core/General

ASTERISK-27103: core: ast_safe_system command injection possible.
Reported by: Corey Farrell
* [4c4e7303a8] Corey Farrell -- AST-2017-006: Fix app_minivm application
  MinivmNotify command injection

Category: Functions/func_shell

ASTERISK-27103: core: ast_safe_system command injection possible.
Reported by: Corey Farrell
* [4c4e7303a8] Corey Farrell -- AST-2017-006: Fix app_minivm application
  MinivmNotify command injection

Category: Resources/res_monitor

ASTERISK-27103: core: ast_safe_system command injection possible.
Reported by: Corey Farrell
* [4c4e7303a8] Corey Farrell -- AST-2017-006: Fix app_minivm application
  MinivmNotify command injection

Category: Resources/res_rtp_asterisk

ASTERISK-27013: res_rtp_asterisk: Media can be hijacked even with strict
RTP enabled
Reported by: Joshua Colp
* [04c45758ca] Joshua Colp -- res_rtp_asterisk: Only learn a new source
  in learn state.

----------------------------------------------------------------------

Diffstat Results

This is a summary of the changes to the source code that went into this
release that was generated using the diffstat utility.

README-SERIOUSLY.bestpractices.txt |  7 ++
apps/app_minivm.c                  | 36 +++++++++-----
apps/app_mixmonitor.c              | 10 +++
apps/app_system.c                  | 10 +++
configs/minivm.conf.sample         |  2
funcs/func_shell.c                 |  5 +
include/asterisk/app.h             | 31 +++++++++++-
main/asterisk.c                    | 93 +++++++++++++++++++++++++++++++------
res/res_monitor.c                  | 13 +++--
res/res_rtp_asterisk.c             | 70 +++++++++++++++------------
10 files changed, 213 insertions(+), 64 deletions(-)