Multiple revisions 431297-431298 - asterisk.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Mark Michelson <mmichelson@digium.com>	2015-01-28 17:34:57 +0000
committer	Mark Michelson <mmichelson@digium.com>	2015-01-28 17:34:57 +0000
commit	3cccfac399e2330b5a4084b806db8f2f18ebf0f2 (patch)
tree	0c77d5d9956607e7b929bf0d31817fac6eb7f7c9 /res/res_pjsip_session.c
parent	f080ca65367a7725889ffd9acb6179b9b150993d (diff)

Multiple revisions 431297-431298

........ r431297 | mmichelson | 2015-01-28 11:05:26 -0600 (Wed, 28 Jan 2015) | 17 lines Mitigate possible HTTP injection attacks using CURL() function in Asterisk. CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request injection can be performed given properly-crafted URLs. Since Asterisk makes use of libcURL, and it is possible that users of Asterisk may get cURL URLs from user input or remote sources, we have made a patch to Asterisk to prevent such HTTP injection attacks from originating from Asterisk. ASTERISK-24676 #close Reported by Matt Jordan Review: https://reviewboard.asterisk.org/r/4364 AST-2015-002 ........ r431298 | mmichelson | 2015-01-28 11:12:49 -0600 (Wed, 28 Jan 2015) | 3 lines Fix compilation error from previous patch. ........ Merged revisions 431297-431298 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 431299 from http://svn.asterisk.org/svn/asterisk/branches/12 ........ Merged revisions 431301 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@431302 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Diffstat (limited to 'res/res_pjsip_session.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: