mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-02 21:48:20 +03:00
c34e0b1cd5
Fixes the following security issues: - CVE-2022-37325: A zero length Called or Calling Party Number can cause a buffer under-run and Asterisk crash. https://downloads.asterisk.org/pub/security/AST-2022-007.html - CVE-2022-42705: Use after free in res_pjsip_pubsub.c may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time Asterisk is also performing activty on that subscription. https://downloads.asterisk.org/pub/security/AST-2022-008.html - CVE-2022-42706: AMI Users with “config” permissions may read files outside of Asterisk directory via GetConfig AMI Action even if “live_dangerously" is set to "no" https://downloads.asterisk.org/pub/security/AST-2022-009.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>