ASTERWEB Blog

2Apr/120

Rilasciato Asterisk 10.3.0

Il giorno 29 marzo, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 10.3.0

Dal post originale:
The release of Asterisk 10.3.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

--- Fix potential buffer overrun and memory leak when executing "sip
show peers"
(Closes issue ASTERISK-19231. Reported by Thomas Arimont, Jamuel Starkey)
--- Fix ACK routing for non-2xx responses.
(Closes issue ASTERISK-19389.)
--- Remove possible segfaults from res_odbc by adding locks around
usage of odbc handle
(Closes issue ASTERISK-19011. Reported by Walter Doekes)
--- Fix blind transfer parking issues if the dialed extension is not
recognized as a parking extension.
(Closes issue ASTERISK-19322. Reported by aragon)
--- Copy CDR variables when set during a bridge
(Closes issue ASTERISK-16990.)
--- push 'outgoing' flag from sig_XXX up to chan_dahdi
(Closes issue ASTERISK-19316. Reported by Jeremy Pepper)
For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.3.0

Inserito in: Asterisk Nessun commento
2Apr/120

Rilasciato Asterisk 1.8.11.0

Il giorno 29 marzo, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.11.0

Dal post originale:
The release of Asterisk 1.8.11.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

--- Fix potential buffer overrun and memory leak when executing "sip
show peers"
(Closes issue ASTERISK-19231. Reported by Thomas Arimont, Jamuel Starkey)
--- Fix ACK routing for non-2xx responses.
(Closes issue ASTERISK-19389.)
--- Remove possible segfaults from res_odbc by adding locks around
usage of odbc handle
(Closes issue ASTERISK-19011. Reported by Walter Doekes)
--- Fix blind transfer parking issues if the dialed extension is not
recognized as a parking extension.
(Closes issue ASTERISK-19322. Reported by aragon)
--- Copy CDR variables when set during a bridge
(Closes issue ASTERISK-16990.)
--- push 'outgoing' flag from sig_XXX up to chan_dahdi
(Closes issue ASTERISK-19316. Reported by Jeremy Pepper)
For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.11.0

Inserito in: Asterisk Nessun commento
19Mar/120

Rilasciate le Security Release di Asterisk 1.4.44, 16.2.23, 1.8.10.1, 10.2.1

Il giorno 15 marzo, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle versioni Asterisk: 1.4.44, 16.2.23, 1.8.10.1, 10.2.1 Now Available (Security Release)

Dal post originale:
The release of Asterisk 1.4.44 and 1.6.2.23 resolve an issue wherein app_milliwatt
can potentially overrun a buffer on the stack, causing Asterisk to crash. This
does not have the potential for remote code execution.

The release of Asterisk 1.8.10.1 and 10.2.1 resolve two issues. First, they
resolve the issue in app_milliwatt, wherein a buffer can potentially be overrun
on the stack, but no remote code execution is possible. Second, they resolve
an issue in HTTP AMI where digest authentication information can be used to
overrun a buffer on the stack, allowing for code injection and execution.

These issues and their resolution are described in the security advisory.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2012-002 and AST-2012-003, which were released at the same
time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

The security advisories are available at:

http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
http://downloads.asterisk.org/pub/security/AST-2012-003.pdf

4Feb/120

Rilasciato Asterisk 10.2.0-rc1

Il giorno 01 febbraio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 10.2.0-rc1

Dal post originale:
The release of Asterisk 10.2.0-rc1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release candidate:

Include iLBC source code for distribution with Asterisk

Clarification regarding the iLBC source code was provided by Google, and the
appropriate licenses have been included in the codecs/ilbc folder.
(closes issue: ASTERISK-18943) Reporter: Leif Madsen
Fix crash from bridge channel hangup race condition in ConfBridge

This patch addresses two issues in ConfBridge and the channel bridge layer:
1. It fixes a race condition wherein the bridge channel could be hung up
2. It removes the deadlock avoidance from the bridging layer and makes
the bridge_pvt an ao2 ref counted object
(issue ASTERISK-18988, ASTERISK-18885, ASTERISK-19100)
Reported by: Dmitry Melekhov, Alexander Akimov
Don't do a DNS lookup on an outbound REGISTER host if there is an
outbound proxy configured.
(closes issue ASTERISK-16550) reported by: Olle Johansson
Create and initialize udptl only when a dialog negotiates for image media

Prior to this patch, the udptl struct was allocated and initialized when a
dialog was associated with a peer that supported T.38, when a new SIP
channel was allocated, or when an INVITE request was received. This resulted
in any dialog associated with a peer that supported T.38 having udptl
support assigned to it, including the UDP ports needed for
communication. This patch creates and initializes the udptl structure only
when the SDP for a dialog specifies that image media is supported, or when
Asterisk indicates that a dialog needs to support T.38.
(closes issue ASTERISK-16698, ASTERISK-16794)
Reported by: under, Elazar; Tested by: Stefan Schmidt
Allow only one thread at time to do Asterisk cleanup/shutdown

Add locking around the really-really-quit part of the core stop/restart part.
Previously more than one thread could be called to do cleanup, causing atexit
handlers to be run multiple times, in turn causing segfaults.
(issue ASTERISK-18883)
Patch by: Walter Doekes
Fix outbound DTMF for inband mode in chan_ooh323

This tells asterisk core to generate DTMF sounds. (Closes issue
ASTERISK-19233) Reported by: Matt Behrens Patches:
chan_ooh323.c.patch uploaded by Matt Behrens (License #6346)

And much more! For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Inserito in: Asterisk Nessun commento
29Gen/120

Rilasciato Asterisk 10.1.0

Il giorno 27 gennaio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 10.1.0

Dal post originale:
The release of Asterisk 10.1.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

AST-2012-001: prevent crash when an SDP offer
is received with an encrypted video stream when support for video
is disabled and res_srtp is loaded.
(closes issue ASTERISK-19202) Reported by: Catalin Sanda
Allow playback of formats that don't support seeking.

ast_streamfile previously did unconditional seeking on files that broke playback of
formats that don't support that functionality. This patch avoids the
seek that was causing the problem.
(closes issue ASTERISK-18994) Patched by: Timo Teras
Add pjmedia probation concepts to res_rtp_asterisk's learning mode.

In order to better handle RTP sources with strictrtp enabled (which is the
default setting in 10) using the learning mode to figure out new sources
when they change is handled by checking for a number of consecutive (by
sequence number) packets received to an rtp struct based on a new
configurable value called 'probation'. Also, during learning mode instead
of liberally accepting all packets received, we now reject packets until a
clear source has been determined.
Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop.

Failing to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local bridge loop
causes the loop to exit prematurely. This causes a variety of negative side
effects, depending on when the loop exits. This patch handles the frame by
essentially swallowing the frame in the local loop, as the current channel
drivers expect the RTP bridge to handle the frame, and, in the case of the
local bridge loop, no additional action is necessary.
(closes issue ASTERISK-19095) Reported by: Stefan Schmidt Tested
by: Matt Jordan
Fix timing source dependency issues with MOH.

Prior to this patch, res_musiconhold existed at the same module priority level
as the timing sources that it depends on. This would cause a problem when music
on hold was reloaded, as the timing source could be changed after
res_musiconhold was processed. This patch adds a new module priority
level, AST_MODPRI_TIMING, that the various timing modules are now loaded
at. This now occurs before loading other resource modules, such
that the timing source is guaranteed to be set prior to resolving
the timing source dependencies.
(closes issue ASTERISK-17474) Reporter: Luke H Tested by: Luke H,
Vladimir Mikhelson, zzsurf, Wes Van Tlghem, elguero, Thomas Arimont
Patched by elguero
Fix RTP reference leak.

If a blind transfer were initiated using a REFER without a prior reINVITE
to place the call on hold, AND if Asterisk were sending RTCP reports, then
there was a reference leak for the RTP instance of the transferrer.
(closes issue ASTERISK-19192) Reported by: Tyuta Vitali
Fix blind transfers from failing if an 'h' extension is present.

This prevents the 'h' extension from being run on the
transferee channel when it is transferred via a native transfer
mechanism such as SIP REFER. (closes issue ASTERISK-19173) Reported
by: Ross Beer Tested by: Kristjan Vrban Patches: ASTERISK-19173 by
Mark Michelson (license 5049)
Restore call progress code for analog ports.

Extracting sig_analog from chan_dahdi lost call progress detection
functionality. Fix analog ports from considering a call answered
immediately after dialing has completed if the callprogress option is enabled.
(closes issue ASTERISK-18841)
Reported by: Richard Miller Patched by Richard Miller
Fix regression that 'rtp/rtcp set debup ip' only works when a port
was also specified.
(closes issue ASTERISK-18693) Reported by: Davide Dal Reviewed by:
Walter Doekes

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.0

Inserito in: Asterisk Nessun commento
29Gen/120

Rilasciato Asterisk 1.8.9.0

Il giorno 27 gennaio, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.9.0

Dal post originale:
The release of Asterisk 1.8.9.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

AST-2012-001: prevent crash when an SDP offer
is received with an encrypted video stream when support for video
is disabled and res_srtp is loaded.
(closes issue ASTERISK-19202) Reported by: Catalin Sanda
Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop.

Failing to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local bridge loop
causes the loop to exit prematurely. This causes a variety of negative side
effects, depending on when the loop exits. This patch handles the frame by
essentially swallowing the frame in the local loop, as the current channel
drivers expect the RTP bridge to handle the frame, and, in the case of the
local bridge loop, no additional action is necessary.
(closes issue ASTERISK-19095) Reported by: Stefan Schmidt Tested
by: Matt Jordan
Fix timing source dependency issues with MOH.

Prior to this patch, res_musiconhold existed at the same module priority level
as the timing sources that it depends on. This would cause a problem when music
on hold was reloaded, as the timing source could be changed after
res_musiconhold was processed. This patch adds a new module priority
level, AST_MODPRI_TIMING, that the various timing modules are now loaded
at. This now occurs before loading other resource modules, such
that the timing source is guaranteed to be set prior to resolving
the timing source dependencies.
(closes issue ASTERISK-17474) Reporter: Luke H Tested by: Luke H,
Vladimir Mikhelson, zzsurf, Wes Van Tlghem, elguero, Thomas Arimont
Patched by elguero
Fix RTP reference leak.

If a blind transfer were initiated using a REFER without a prior reINVITE
to place the call on hold, AND if Asterisk were sending RTCP reports, then
there was a reference leak for the RTP instance of the transferrer.
(closes issue ASTERISK-19192) Reported by: Tyuta Vitali
Fix blind transfers from failing if an 'h' extension is present.

This prevents the 'h' extension from being run on the
transferee channel when it is transferred via a native transfer
mechanism such as SIP REFER. (closes issue ASTERISK-19173) Reported
by: Ross Beer Tested by: Kristjan Vrban Patches: ASTERISK-19173 by
Mark Michelson (license 5049)
Restore call progress code for analog ports.

Extracting sig_analog from chan_dahdi lost call progress detection
functionality. Fix analog ports from considering a call answered
immediately after dialing has completed if the callprogress option is enabled.
(closes issue ASTERISK-18841)
Reported by: Richard Miller Patched by Richard Miller
Fix regression that 'rtp/rtcp set debup ip' only works when a port
was also specified.
(closes issue ASTERISK-18693) Reported by: Davide Dal Reviewed by:
Walter Doekes

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.9.0

Inserito in: Asterisk Nessun commento
29Gen/120

Rilasciati Asterisk 1.8.8.2, 10.0.1 (Security Release)

Il giorno 19 gennaio, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle versioni Asterisk 1.8.8.2 e 10.0.1

Dal post originale:
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk versions 1.8.8.2 and 10.0.1 resolves an issue
wherein an attacker attempting to negotiate a secure video stream can crash
Asterisk if video support has not been enabled and the res_srtp Asterisk
module is loaded.

The issue and its resolution is described in the security advisory.

For more information about the details of these vulnerabilities, please read the
security advisory AST-2012-001, which were released at the same time as this
announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2012-001 is available at:

http://downloads.asterisk.org/pub/security/AST-2012-001.pdf

15Dic/110

Rilasciato Asterisk 10.0.0-rc3

Il giorno 09 dicembre, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 10.0.0-rc3

Dal post originale:
The Asterisk Development Team has announced the third release candidate of
Asterisk 10.0.0. This release candidate is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 10.0.0-rc3 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release candidate:

Add ASTSBINDIR to the list of configurable paths
This patch also makes astdb2sqlite3 and astcanary use the configured
directory instead of relying on $PATH.

Don't crash on INFO automon request with no channel
AST-2011-014. When automon was enabled in features.conf, it was possible
to crash Asterisk by sending an INFO request if no channel had been
created yet.

Fixed crash from orphaned MWI subscriptions in chan_sip
This patch resolves the issue where MWI subscriptions are orphaned
by subsequent SIP SUBSCRIBE messages.

Fix a change in behavior in 'database show' from 1.8.
In 1.8 and previous versions, one could use any fullword portion of
the key name, including the full key, to obtain the record. Until this
patch, this did not work for the full key.

Default to nat=yes; warn when nat in general and peer differ
AST-2011-013. It is possible to enumerate SIP usernames when the general and
user/peer nat settings differ in whether to respond to the port a request is
sent from or the port listed for responses in the Via header. In 1.4 and
1.6.2, this would mean if one setting was nat=yes or nat=route and the other
was either nat=no or nat=never. In 1.8 and 10, this would mean when one
was nat=force_rport and the other was nat=no.

In order to address this problem, it was decided to switch the default
behavior to nat=yes/force_rport as it is the most commonly used option
and to strongly discourage setting nat per-peer/user when at all
possible.

Fixed SendMessage stripping extension from To: header in SIP MESSAGE
When using the MessageSend application to send a SIP MESSAGE to a
non-peer, chan_sip stripped off the extension and failed to add it back
to the sip_pvt structure before transmitting. This patch adds the full
URI passed in from the message core to the sip_pvt structure.

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.0.0-rc3

Inserito in: Asterisk Nessun commento
15Dic/110

Rilasciato Asterisk 1.8.8.0-rc5

Il giorno 09 dicembre, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.8.0-rc5

Dal post originale:
he release of Asterisk 1.8.8.0-rc5 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release candidate:

Don't crash on INFO automon request with no channel
AST-2011-014. When automon was enabled in features.conf, it was possible
to crash Asterisk by sending an INFO request if no channel had been
created yet.

Fixed crash from orphaned MWI subscriptions in chan_sip
This patch resolves the issue where MWI subscriptions are orphaned
by subsequent SIP SUBSCRIBE messages.

Default to nat=yes; warn when nat in general and peer differ
AST-2011-013. It is possible to enumerate SIP usernames when the general and
user/peer nat settings differ in whether to respond to the port a request is
sent from or the port listed for responses in the Via header. In 1.4 and
1.6.2, this would mean if one setting was nat=yes or nat=route and the other
was either nat=no or nat=never. In 1.8 and 10, this would mean when one
was nat=force_rport and the other was nat=no.

In order to address this problem, it was decided to switch the default
behavior to nat=yes/force_rport as it is the most commonly used option
and to strongly discourage setting nat per-peer/user when at all
possible.

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0-rc5

Inserito in: Asterisk Nessun commento
15Dic/110

Rilasciati Asterisk (Security Release) 1.4.43, 1.6.2.21 e 1.8.7.2

Il giorno 12 dicembre, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle versioni Asterisk  (Security Release) 1.4.43, 1.6.2.21 e 1.8.7.2

Dal post originale:
hese releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk versions 1.4.43, 1.6.2.21, and 1.8.7.2 resolves an issue
with possible remote enumeration of SIP endpoints with differing NAT settings.

The release of Asterisk versions 1.6.2.21 and 1.8.7.2 resolves a remote crash
possibility with SIP when the "automon" feature is enabled.

The issues and resolutions are described in the AST-2011-013 and AST-2011-014
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-013 and AST-2011-014, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-...

Security advisory AST-2011-013 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-013.pdf
Security advisory AST-2011-014 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-014.pdf

29Nov/110

Mercoledì 6 dicembre FREE WEBINAR parte II: “Monitoriamo i nostri Asterisk (e non solo) con Nagios”

Mercoledì 6 dicembre, dalle ore 14:00 alle ore 15:00, si terrà il FREE WEBINAR parte II: "Monitoriamo i nostri Asterisk (e non solo) con Nagios" organizzato in collaborazione con Sigmaware Srl ed aperto a tutti.

Questo incontro sarà di carattere esclusimamente tecnico. Vedremo:

  • struttura dei file di configurazione di Nagios
  • gestione contatti e alert
  • host e servizi da monitorare
  • ... altro ...

Attenzione: potete richiederci il pdf del precedente Free Webinar di Nagios, scrivendoci a webinar@sigmaware.it

Per l'adesione: www.asterweb.org nella home page, troverai il form da compilare.

Per qualsiasi info, puoi contattarci:

- CHAT: dal sito www.asterweb.org

- SKYPE: asterweb

- MSN: asterweb@tiscali.it

- TELEFONO: 02-45077711

 

Con l'auspicio di incontrarti al webinar, ti salutiamo cordialemte

ASTERWEB

Lo Staff

 

Il nostro software per tutte le distro.

Scopri le tante funzioni che trasformeranno il tuo centralino e miglioreranno l'organizzazione della tua Azienda. Scarica la DEMO gratuita. Clicca QUI

20Nov/110

FREE WEBINAR: “Monitoriamo i nostri Asterisk (e non solo) con Nagios”

Mercoledì 23 novembre, dalle ore 14:00 alle ore 15:00, si terrà il FREE WEBINAR: "Monitoriamo i nostri Asterisk (e non solo) con Nagios" organizzato in collaborazione con Sigmaware Srl ed aperto a tutti.

Vedremo come: 

  • configurare i servizi lato server
  • utilizzare i plugins
  • definire i servizi
  • ... altro ...

Per l'adesione: www.asterweb.org nella home page, troverai il form da compilare.

Per qualsiasi info, puoi contattarci:

- CHAT: dal sito www.asterweb.org

- SKYPE: asterweb

- MSN: asterweb@tiscali.it

- TELEFONO: 02-45077711

 

Con l'auspicio di incontrarti al webinar, ti salutiamo cordialemte

ASTERWEB

Lo Staff

 

Il nostro software per tutte le distro.

Scopri le tante funzioni che trasformeranno il tuo centralino e miglioreranno l'organizzazione della tua Azienda. Scarica la DEMO gratuita. Clicca QUI

18Nov/110

Rilasciato Asterisk 1.8.8.0-rc4

Il giorno 17 novembre, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.8.0-rc4

Dal post originale:

The release of Asterisk 1.8.8.0-rc4 resolves a particular issue with BLF
subscriptions. A change in Asterisk 1.8.8.0-rc3 had the potential to cause a
segfault, and this release candidate was created to resolve that.

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0-rc4

Thank you for your continued support of Asterisk!

Inserito in: Asterisk Nessun commento
6Nov/110

FREE WEBINAR: “Asterisk: integrare Google Calendar”

Mercoledì 9 novembre, dalle ore 14:00 alle ore 15:00, si terrà il FREE WEBINAR: "Asterisk: integrare Google Calendar" organizzato in collaborazione con Sigmaware Srl ed aperto a tutti.

Vedremo come: 

  • leggere i dati del Calendar
  • effettuare operazioni lato Asterisk sul DialPlan
  • scrivere sul Calendar
  • ... altro ...

Per l'adesione: www.asterweb.org nella home page, troverai il form da compilare.

Per qualsiasi info, puoi contattarci:

- CHAT: dal sito www.asterweb.org

- SKYPE: asterweb

- MSN: asterweb@tiscali.it

- TELEFONO: 02-45077711

 

Con l'auspicio di incontrarti al webinar, ti salutiamo cordialemte

ASTERWEB

Lo Staff

 

Il nostro software per tutte le distro.

Scopri le tante funzioni che trasformeranno il tuo centralino e miglioreranno l'organizzazione della tua Azienda. Scarica la DEMO gratuita. Clicca QUI

2Nov/110

Rilasciato Asterisk 1.8.7.1 (Security Release)

Il giorno 17 ottobre, il Team di Sviluppo di Asterisk ha annunciato il rilascio della versione Asterisk 1.8.7.1 (Security Release)

Dal post originale:
The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing which can
lead to a remotely exploitable crash:

Remote Crash Vulnerability in SIP channel driver (AST-2011-012)

The issue and resolution is described in the AST-2011-012 security
advisory.

For more information about the details of this vulnerability, please read the
security advisory AST-2011-012, which was released at the same time as this
announcement.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.7.1

Security advisory AST-2011-012 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-012.pdf