[test-results] [Bamboo] No agents to build plan Asterisk - 1.6.2 - Ubuntu Lucid (10.04) - amd64
Bamboo
bamboo at asterisk.org
Mon Apr 23 09:24:05 CDT 2012
-------------------------------------------------------------------------------
AST162-LUCID-AMD64-428 has been queued, but there's no agent capable of building it.
-------------------------------------------------------------------------------
http://bamboo.asterisk.org/browse/AST162-LUCID-AMD64/log
--------------
Code Changes
--------------
jrose (363117):
>AST-2012-004: Fix an error that allows AMI users to run shell commands sans authorization.
>
>As detailed in the advisory, AMI users without write authorization for SYSTEM class AMI
>actions were able to run system commands by going through other AMI commands which did
>not require that authorization. Specifically, GetVar and Status allowed users to do this
>by setting their variable/s options to the SHELL or EVAL functions.
>Also, within 1.8, 10, and trunk there was a similar flaw with the Originate action that
>allowed users with originate permission to run MixMonitor and supply a shell command
>in the Data argument. That flaw is fixed in those versions of this patch.
>
>(closes issue ASTERISK-17465)
>Reported By: David Woolley
>Patches:
> 162_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
> 18_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
> 10_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
>
>
--
This message is automatically generated by Atlassian Bamboo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/test-results/attachments/20120423/d84d8944/attachment.htm>
More information about the Test-results
mailing list