Author: George Joseph + Date: 2025-08-28
+In the highly-unlikely event that get_authorization_hdr() couldn't find an + Authorization header in a request, trying to get the digest algorithm + would cauase a SEGV. We now check that we have an auth header that matches + the realm before trying to get the algorithm from it.
+Resolves: #GHSA-64qc-9x89-rx5j
+ diff --git a/ChangeLogs/ChangeLog-21.10.2.md b/ChangeLogs/ChangeLog-21.10.2.md new file mode 100644 index 0000000000..002108c884 --- /dev/null +++ b/ChangeLogs/ChangeLog-21.10.2.md @@ -0,0 +1,60 @@ + +## Change Log for Release asterisk-21.10.2 + +### Links: + + - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.10.2.html) + - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.10.1...21.10.2) + - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21.10.2.tar.gz) + - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) + +### Summary: + +- Commits: 1 +- Commit Authors: 1 +- Issues Resolved: 0 +- Security Advisories Resolved: 1 + - [GHSA-64qc-9x89-rx5j](https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j): A specifically malformed Authorization header in an incoming SIP request can cause Asterisk to crash + +### User Notes: + + +### Upgrade Notes: + + +### Developer Notes: + + +### Commit Authors: + +- George Joseph: (1) + +## Issue and Commit Detail: + +### Closed Issues: + + - !GHSA-64qc-9x89-rx5j: A specifically malformed Authorization header in an incoming SIP request can cause Asterisk to crash + +### Commits By Author: + +- #### George Joseph (1): + - res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL. + + +### Commit List: + +- res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL. + +### Commit Details: + +#### res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL. + Author: George Joseph + Date: 2025-08-28 + + In the highly-unlikely event that get_authorization_hdr() couldn't find an + Authorization header in a request, trying to get the digest algorithm + would cauase a SEGV. We now check that we have an auth header that matches + the realm before trying to get the algorithm from it. + + Resolves: #GHSA-64qc-9x89-rx5j + diff --git a/README.html b/README.html index 772e6dcd70..8008744b2c 100644 --- a/README.html +++ b/README.html @@ -1,4 +1,4 @@ -By Mark Spencer <markster@digium.com> and the Asterisk.org developer community.
Copyright (C) 2001-2025 Sangoma Technologies Corporation and other copyright holders.
@@ -37,7 +37,7 @@ hardware.
If you are updating from a previous version of Asterisk, make sure you
read the Change Logs.
-
+
NEW INSTALLATIONS
diff --git a/README.md b/README.md
index a35d8ce995..c6dfd684ce 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@ If you are updating from a previous version of Asterisk, make sure you
read the Change Logs.
-[Change Logs](ChangeLogs/ChangeLog-21.10.1.html)
+[Change Logs](ChangeLogs/ChangeLog-21.10.2.html)
### NEW INSTALLATIONS