[test-results] [Bamboo] Asterisk Testing > AST1.8-digiumphones > #18 has FAILED. Change made by qwell.
Bamboo
bamboo at asterisk.org
Mon Apr 23 17:59:14 CDT 2012
-----------------------------------------------------------------------
Asterisk Testing > AST1.8-digiumphones > #18 failed.
-----------------------------------------------------------------------
Code has been updated by qwell.
2/2 jobs failed, with 0 failing tests.
http://bamboo.asterisk.org/browse/TESTING-AST18DIGIUMPHONES-18/
--------------
Failing Jobs
--------------
- Asterisk 1.8 CentOS 6 32-Bit (CentOS 6): 82 tests passed.
- Asterisk 1.8 CentOS 6 64-Bit (CentOS 6): 83 tests passed.
--------------
Code Changes
--------------
qwell (363161):
>Multiple revisions 363102,363106,363141
>
>........
> r363102 | mjordan | 2012-04-23 08:37:55 -0500 (Mon, 23 Apr 2012) | 16 lines
>
> AST-2012-005: Fix remotely exploitable heap overflow in keypad button handling
>
> When handling a keypad button message event, the received digit is placed into
> a fixed length buffer that acts as a queue. When a new message event is
> received, the length of that buffer is not checked before placing the new digit
> on the end of the queue. The situation exists where sufficient keypad button
> message events would occur that would cause the buffer to be overrun. This
> patch explicitly checks that there is sufficient room in the buffer before
> appending a new digit.
>
> (closes issue ASTERISK-19592)
> Reported by: Russell Bryant
> ........
>
> Merged revisions 363100 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
>........
> r363106 | mjordan | 2012-04-23 09:05:02 -0500 (Mon, 23 Apr 2012) | 17 lines
>
> AST-2012-006: Fix crash in UPDATE handling when no channel owner exists
>
> If Asterisk receives a SIP UPDATE request after a call has been terminated and
> the channel has been destroyed but before the SIP dialog has been destroyed, a
> condition exists where a connected line update would be attempted on a
> non-existing channel. This would cause Asterisk to crash. The patch resolves
> this by first ensuring that the SIP dialog has an owning channel before
> attempting a connected line update. If an UPDATE request is received and no
> channel is associated with the dialog, a 481 response is sent.
>
> (closes issue ASTERISK-19770)
> Reported by: Thomas Arimont
> Tested by: Matt Jordan
> Patches:
> ASTERISK-19278-2012-04-16.diff uploaded by Matt Jordan (license 6283)
>........
> r363141 | jrose | 2012-04-23 09:33:16 -0500 (Mon, 23 Apr 2012) | 20 lines
>
> AST-2012-004: Fix an error that allows AMI users to run shell commands sans authorization.
>
> As detailed in the advisory, AMI users without write authorization for SYSTEM class AMI
> actions were able to run system commands by going through other AMI commands which did
> not require that authorization. Specifically, GetVar and Status allowed users to do this
> by setting their variable/s options to the SHELL or EVAL functions.
> Also, within 1.8, 10, and trunk there was a similar flaw with the Originate action that
> allowed users with originate permission to run MixMonitor and supply a shell command
> in the Data argument. That flaw is fixed in those versions of this patch.
>
> (closes issue ASTERISK-17465)
> Reported By: David Woolley
> Patches:
> 162_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
> 18_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
> 10_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
> ........
>
> Merged revisions 363117 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
>........
>
>Merged revisions 363102,363106,363141 from http://svn.asterisk.org/svn/asterisk/branches/1.8
>
--
This message is automatically generated by Atlassian Bamboo