bakabtw/packages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[package] asterisk-1.8.x: add patch to fix CVE-2012-2186

Browse Source 
git-svn-id: svn://svn.openwrt.org/openwrt/packages@33541 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
florian 2012-09-25 13:37:04 +00:00
parent 383fa26083
commit f727451c17
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
net/asterisk-1.8.x/Makefile
View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=asterisk18 PKG_NAME:=asterisk18
PKG_VERSION:=1.8.10.1 PKG_VERSION:=1.8.10.1
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE:=asterisk-$(PKG_VERSION).tar.gz PKG_SOURCE:=asterisk-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://downloads.asterisk.org/pub/telephony/asterisk/releases/ PKG_SOURCE_URL:=http://downloads.asterisk.org/pub/telephony/asterisk/releases/

10
net/asterisk-1.8.x/patches/600-CVE-2012-2186.patch Normal file
View File

@ -0,0 +1,10 @@
--- a/main/manager.c
+++ b/main/manager.c
@@ -4020,6 +4020,7 @@ static int action_originate(struct manse
TryExec(System(rm -rf /)) */
strcasestr(app, "agi") || /* AGI(/bin/rm,-rf /)
EAGI(/bin/rm,-rf /) */
+ strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf) */
strstr(appdata, "SHELL") || /* NoOp(${SHELL(rm -rf /)}) */
strstr(appdata, "EVAL") /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
)) {