Multiple revisions 431297-431298 - asterisk.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Mark Michelson <mmichelson@digium.com>	2015-01-28 17:34:02 +0000
committer	Mark Michelson <mmichelson@digium.com>	2015-01-28 17:34:02 +0000
commit	25a67d561c521d057312454965bbffe9074703cf (patch)
tree	917b0192fab3436dc74079451602f14b184a4fd9 /res/res_pjsip_t38.c
parent	c3add776af2fc339de0c07f336d8b6eb9d55d062 (diff)

Multiple revisions 431297-431298

........ r431297 | mmichelson | 2015-01-28 11:05:26 -0600 (Wed, 28 Jan 2015) | 17 lines Mitigate possible HTTP injection attacks using CURL() function in Asterisk. CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request injection can be performed given properly-crafted URLs. Since Asterisk makes use of libcURL, and it is possible that users of Asterisk may get cURL URLs from user input or remote sources, we have made a patch to Asterisk to prevent such HTTP injection attacks from originating from Asterisk. ASTERISK-24676 #close Reported by Matt Jordan Review: https://reviewboard.asterisk.org/r/4364 AST-2015-002 ........ r431298 | mmichelson | 2015-01-28 11:12:49 -0600 (Wed, 28 Jan 2015) | 3 lines Fix compilation error from previous patch. ........ Merged revisions 431297-431298 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 431299 from http://svn.asterisk.org/svn/asterisk/branches/12 git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@431301 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Diffstat (limited to 'res/res_pjsip_t38.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: