diff options
author | Mark Michelson <mmichelson@digium.com> | 2015-01-28 17:34:57 +0000 |
---|---|---|
committer | Mark Michelson <mmichelson@digium.com> | 2015-01-28 17:34:57 +0000 |
commit | 3cccfac399e2330b5a4084b806db8f2f18ebf0f2 (patch) | |
tree | 0c77d5d9956607e7b929bf0d31817fac6eb7f7c9 /res/res_pjsip_session.c | |
parent | f080ca65367a7725889ffd9acb6179b9b150993d (diff) |
Multiple revisions 431297-431298
........
r431297 | mmichelson | 2015-01-28 11:05:26 -0600 (Wed, 28 Jan 2015) | 17 lines
Mitigate possible HTTP injection attacks using CURL() function in Asterisk.
CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request injection
can be performed given properly-crafted URLs.
Since Asterisk makes use of libcURL, and it is possible that users of Asterisk may
get cURL URLs from user input or remote sources, we have made a patch to Asterisk
to prevent such HTTP injection attacks from originating from Asterisk.
ASTERISK-24676 #close
Reported by Matt Jordan
Review: https://reviewboard.asterisk.org/r/4364
AST-2015-002
........
r431298 | mmichelson | 2015-01-28 11:12:49 -0600 (Wed, 28 Jan 2015) | 3 lines
Fix compilation error from previous patch.
........
Merged revisions 431297-431298 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 431299 from http://svn.asterisk.org/svn/asterisk/branches/12
........
Merged revisions 431301 from http://svn.asterisk.org/svn/asterisk/branches/13
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@431302 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'res/res_pjsip_session.c')
0 files changed, 0 insertions, 0 deletions