From cd05c6dd97eeaa95d16820a80edbdbc20d96cc99 Mon Sep 17 00:00:00 2001 From: Jeffrey C. Ollie Date: Jul 05 2012 21:44:13 +0000 Subject: 10.5.2 --- diff --git a/.gitignore b/.gitignore index e60244f..0d41a98 100644 --- a/.gitignore +++ b/.gitignore @@ -76,3 +76,5 @@ asterisk-1.8.0-beta3.tar.gz.asc /asterisk-10.4.2.tar.gz.asc /asterisk-10.5.1.tar.gz /asterisk-10.5.1.tar.gz.asc +/asterisk-10.5.2.tar.gz +/asterisk-10.5.2.tar.gz.asc diff --git a/asterisk.spec b/asterisk.spec index 4a43ec5..3c2b31b 100644 --- a/asterisk.spec +++ b/asterisk.spec @@ -28,8 +28,8 @@ Summary: The Open Source PBX Name: asterisk -Version: 10.5.1 -Release: 1%{?_rc:.rc%{_rc}}%{?_beta:.beta%{_beta}}%{?dist}.1 +Version: 10.5.2 +Release: 1%{?_rc:.rc%{_rc}}%{?_beta:.beta%{_beta}}%{?dist} License: GPLv2 Group: Applications/Internet URL: http://www.asterisk.org/ @@ -1359,6 +1359,44 @@ fi %{_libdir}/asterisk/modules/app_voicemail_plain.so %changelog +* Thu Jul 5 2012 Jeffrey Ollie - 10.5.2-1: +- The Asterisk Development Team has announced security releases for Certified +- Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are +- released as versions 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones. +- +- These releases are available for immediate download at +- http://downloads.asterisk.org/pub/telephony/asterisk/releases +- +- The release of Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones +- resolve the following two issues: +- +- * If Asterisk sends a re-invite and an endpoint responds to the re-invite with +- a provisional response but never sends a final response, then the SIP dialog +- structure is never freed and the RTP ports for the call are never released. If +- an attacker has the ability to place a call, they could create a denial of +- service by using all available RTP ports. +- +- * If a single voicemail account is manipulated by two parties simultaneously, +- a condition can occur where memory is freed twice causing a crash. +- +- These issues and their resolution are described in the security advisories. +- +- For more information about the details of these vulnerabilities, please read +- security advisories AST-2012-010 and AST-2012-011, which were released at the +- same time as this announcement. +- +- For a full list of changes in the current releases, please see the ChangeLogs: +- +- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert4 +- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.13.1 +- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.2 +- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.2-digiumphones +- +- The security advisories are available at: +- +- * http://downloads.asterisk.org/pub/security/AST-2012-010.pdf +- * http://downloads.asterisk.org/pub/security/AST-2012-011.pdf + * Thu Jun 28 2012 Petr Pisar - 10.5.1-1.1 - Perl 5.16 rebuild diff --git a/sources b/sources index b01170c..c10a654 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -fbbea8a1ed26144cfa94b54df4adb3fd asterisk-10.5.1.tar.gz -42b4e85b5eea7a457c7e30327d895924 asterisk-10.5.1.tar.gz.asc +89ce2431ea99ee9645f76193d1566034 asterisk-10.5.2.tar.gz +fcef686bb5d7e73dd50b617140965e81 asterisk-10.5.2.tar.gz.asc