On Mon, Dec 08, 2014 at 07:36:11AM +0200, Tzafrir Cohen wrote: > On Sat, Nov 29, 2014 at 10:33:31PM +0100, Moritz Muehlenhoff wrote: > > Source: asterisk > > Severity: grave > > Tags: security > > > > Please see > > http://downloads.digium.com/pub/security/AST-2014-018.html > > http://downloads.digium.com/pub/security/AST-2014-017.html > > http://downloads.digium.com/pub/security/AST-2014-014.html > > http://downloads.digium.com/pub/security/AST-2014-012.html > > 012 was already "fixed" (in a version uploaded to Unstable, but didn't > stay there long enough). Sadly Unstable has Asterisk 13, and thus those > need to be pushed directly to Jessie. > > I created a Jessie branch in git with those fixes.
Thanks > Sadly I didn't have the time to properly document them. What kind of documentation should be added? In debian/patches/AST-2014-014.patch is From 90cdc0d1c75ac44837da9ff4a6cecf754d99e4f9 Mon Sep 17 00:00:00 2001 From: Joshua Colp <jc...@digium.com> Date: Thu, 20 Nov 2014 14:20:08 +0000 Subject: [PATCH 1/3] AST-2014-014: Fix race condition where channels may get stuck in ConfBridge under load. Under load it was possible for the bridging API, and thus ConfBridge, to get channels that may have hung up stuck in it. This is because handling of state transitions for a bridged channel within a bridge was not protected and simply set the new state without regard to the existing state. If the existing state had been hung up this would get overwritten. This change adds locking to protect changing of the state and also takes into consideration the existing state. ASTERISK-24440 #close Reported by: Ben Klang Review: https://reviewboard.asterisk.org/r/4173/ git-svn-id: http://svn.asterisk.org/svn/asterisk/branches/11@428299 f38db490-d61c-443f-a65b-d21fe96a405b --- main/bridging.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/main/bridging.c b/main/bridging.c index a36ccf9..0f8f4e8 100644 --- a/main/bridging.c +++ b/main/bridging.c Groeten Geert Stappers -- Leven en laten leven -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
