diff options
author | Mark Michelson <mmichelson@digium.com> | 2015-01-28 17:34:02 +0000 |
---|---|---|
committer | Mark Michelson <mmichelson@digium.com> | 2015-01-28 17:34:02 +0000 |
commit | 25a67d561c521d057312454965bbffe9074703cf (patch) | |
tree | 917b0192fab3436dc74079451602f14b184a4fd9 /res/res_pjsip_t38.c | |
parent | c3add776af2fc339de0c07f336d8b6eb9d55d062 (diff) |
Multiple revisions 431297-431298
........
r431297 | mmichelson | 2015-01-28 11:05:26 -0600 (Wed, 28 Jan 2015) | 17 lines
Mitigate possible HTTP injection attacks using CURL() function in Asterisk.
CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request injection
can be performed given properly-crafted URLs.
Since Asterisk makes use of libcURL, and it is possible that users of Asterisk may
get cURL URLs from user input or remote sources, we have made a patch to Asterisk
to prevent such HTTP injection attacks from originating from Asterisk.
ASTERISK-24676 #close
Reported by Matt Jordan
Review: https://reviewboard.asterisk.org/r/4364
AST-2015-002
........
r431298 | mmichelson | 2015-01-28 11:12:49 -0600 (Wed, 28 Jan 2015) | 3 lines
Fix compilation error from previous patch.
........
Merged revisions 431297-431298 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 431299 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@431301 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'res/res_pjsip_t38.c')
0 files changed, 0 insertions, 0 deletions