mirror of
https://github.com/godotengine/buildroot.git
synced 2025-12-31 09:48:56 +03:00
efb4c2ffcc
Fixes the following security issues:
AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade
There is a stack overflow vulnerability in the res_http_websocket.so module of
Asterisk that allows an attacker to crash Asterisk via a specially crafted
HTTP request to upgrade the connection to a websocket. The attacker’s
request causes Asterisk to run out of stack space and crash.
For more details, see the announcement:
https://www.asterisk.org/downloads/asterisk-news/asterisk-13231-1478-1561-and-1321-cert3-now-available-security-release
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Peter: mark as security fix, extend commit message]
(cherry picked from commit 19b64c2286)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>