[Pkg-voip-commits] [asterisk] 01/06: Patch AST-2014-012 was left out

tzafrir at debian.org tzafrir at debian.org
Tue Dec 16 11:08:37 UTC 2014


This is an automated email from the git hooks/post-receive script.

tzafrir pushed a commit to branch jessie
in repository asterisk.

commit 45b1345189626437f49863f3539af3ad79a02ba4
Author: Tzafrir Cohen <tzafrir at debian.org>
Date:   Wed Dec 10 07:01:47 2014 +0200

    Patch AST-2014-012 was left out
---
 debian/patches/AST-2014-012.patch | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/debian/patches/AST-2014-012.patch b/debian/patches/AST-2014-012.patch
new file mode 100644
index 0000000..f12d6ce
--- /dev/null
+++ b/debian/patches/AST-2014-012.patch
@@ -0,0 +1,31 @@
+From 5927deff8aa3784ebb1ba3ada8d5c99b172642c7 Mon Sep 17 00:00:00 2001
+From: Mark Michelson <mmichelson at digium.com>
+Date: Thu, 20 Nov 2014 16:35:18 +0000
+Subject:  Fix error with mixed address family ACLs.
+Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=428417
+CVE: CVE-2014-8412
+Bug: https://issues.asterisk.org/jira/browse/ASTERISK-24469
+
+Prior to this commit, the address family of the first item in an ACL
+was used to compare all incoming traffic. This could lead to traffic
+of other IP address families bypassing ACLs.
+---
+ main/acl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/main/acl.c b/main/acl.c
+index ff93ba6..65d0f1d 100644
+--- a/main/acl.c
++++ b/main/acl.c
+@@ -776,7 +776,7 @@ enum ast_acl_sense ast_apply_ha(const struct ast_ha *ha, const struct ast_sockad
+ 		ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2));
+ 		ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
+ #endif
+-		if (ast_sockaddr_is_ipv4(&ha->addr)) {
++		if (ast_sockaddr_is_ipv4(&current_ha->addr)) {
+ 			if (ast_sockaddr_is_ipv6(addr)) {
+ 				if (ast_sockaddr_is_ipv4_mapped(addr)) {
+ 					/* IPv4 ACLs apply to IPv4-mapped addresses */
+-- 
+2.1.3
+
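Review bot: the diffstat shows only debian/patches/AST-2014-012.patch being added and no change to debian/patches/series, so please confirm that series already lists this file; if it does not, quilt will not apply the patch and the CVE-2014-8412 fix will be absent from the built package. In the embedded main/acl.c hunk, the debug context line just before #endif still reads ast_inet_ntoa(ha->netaddr) while the corrected test now uses current_ha->addr, so if that block is ever compiled in, it would log the first entry's network rather than the entry under test; changing it to current_ha->netaddr would keep the trace consistent with the fix. A regression test with an ACL whose first rule is IPv4 followed by an IPv6 rule (and the reverse order) would guard against the family check drifting back to the list head.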

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/asterisk.git


