-
- Downloads
Multiple revisions 431297-431298
........ r431297 | mmichelson | 2015-01-28 11:05:26 -0600 (Wed, 28 Jan 2015) | 17 lines Mitigate possible HTTP injection attacks using CURL() function in Asterisk. CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request injection can be performed given properly-crafted URLs. Since Asterisk makes use of libcURL, and it is possible that users of Asterisk may get cURL URLs from user input or remote sources, we have made a patch to Asterisk to prevent such HTTP injection attacks from originating from Asterisk. ASTERISK-24676 #close Reported by Matt Jordan Review: https://reviewboard.asterisk.org/r/4364 AST-2015-002 ........ r431298 | mmichelson | 2015-01-28 11:12:49 -0600 (Wed, 28 Jan 2015) | 3 lines Fix compilation error from previous patch. ........ Merged revisions 431297-431298 from http://svn.asterisk.org/svn/asterisk/branches/11 ........ Merged revisions 431299 from http://svn.asterisk.org/svn/asterisk/branches/12 ........ Merged revisions 431301 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@431302 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Loading
Please register or sign in to comment