339d3e82e8
Fixes the following security issues: - AST-2020-001: Remote crash in res_pjsip_session Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. - AST-2020-002: Outbound INVITE loop on challenge with different nonce If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. For details, see the announcement: https://www.asterisk.org/asterisk-news/asterisk-13-37-1-16-14-1-17-8-1-18-0-1-and-16-8-cert5-now-available-security/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
|---|---|---|
| .. | ||
| 0001-sounds-do-not-download-and-check-sha1s.patch | ||
| 0002-configure-fix-detection-of-libcrypt.patch | ||
| 0003-build-ensure-target-directory-for-modules-exists.patch | ||
| 0004-install-samples-need-the-data-files.patch | ||
| 0005-configure-fix-detection-of-re-entrant-resolver-funct.patch | ||
| Config.in | ||
| asterisk.hash | ||
| asterisk.mk | ||