Author: Mike Bradeen + Date: 2026-03-25
+Address the following pjproject security vulnerabilities
+GHSA-j29p-pvh2-pvqp - Buffer overflow in ICE with long username + GHSA-8fj4-fv9f-hjpc - Heap use-after-free in PJSIP presense subscription termination header + GHSA-g88q-c2hm-q7p7 - ICE session use-after-free race conditions + GHSA-x5pq-qrp4-fmrj - Out-of-bounds read in SIP multipart parsing
+Resolves: #1833
+ diff --git a/ChangeLogs/ChangeLog-certified-22.8-cert2.md b/ChangeLogs/ChangeLog-certified-22.8-cert2.md new file mode 100644 index 0000000000..4bc21af171 --- /dev/null +++ b/ChangeLogs/ChangeLog-certified-22.8-cert2.md @@ -0,0 +1,60 @@ + +## Change Log for Release asterisk-certified-22.8-cert2 + +### Links: + + - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-22.8-cert2.html) + - [GitHub Diff](https://github.com/asterisk/asterisk/compare/certified-22.8-cert1...certified-22.8-cert2) + - [Tarball](https://downloads.asterisk.org/pub/telephony/certified-asterisk/asterisk-certified-22.8-cert2.tar.gz) + - [Downloads](https://downloads.asterisk.org/pub/telephony/certified-asterisk) + +### Summary: + +- Commits: 1 +- Commit Authors: 1 +- Issues Resolved: 1 +- Security Advisories Resolved: 0 + +### User Notes: + + +### Upgrade Notes: + + +### Developer Notes: + + +### Commit Authors: + +- Mike Bradeen: (1) + +## Issue and Commit Detail: + +### Closed Issues: + + - 1833: [bug]: Address security vulnerabilities in pjproject + +### Commits By Author: + +- #### Mike Bradeen (1): + - res_pjsip: Address pjproject security vulnerabilities + +### Commit List: + +- res_pjsip: Address pjproject security vulnerabilities + +### Commit Details: + +#### res_pjsip: Address pjproject security vulnerabilities + Author: Mike Bradeen + Date: 2026-03-25 + + Address the following pjproject security vulnerabilities + + [GHSA-j29p-pvh2-pvqp - Buffer overflow in ICE with long username](https://github.com/pjsip/pjproject/security/advisories/GHSA-j29p-pvh2-pvqp) + [GHSA-8fj4-fv9f-hjpc - Heap use-after-free in PJSIP presense subscription termination header](https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc) + [GHSA-g88q-c2hm-q7p7 - ICE session use-after-free race conditions](https://github.com/pjsip/pjproject/security/advisories/GHSA-g88q-c2hm-q7p7) + [GHSA-x5pq-qrp4-fmrj - Out-of-bounds read in SIP multipart parsing](https://github.com/pjsip/pjproject/security/advisories/GHSA-x5pq-qrp4-fmrj) + + Resolves: #1833 + diff --git a/README.html b/README.html index 0645fd962f..0c9b074b3f 100644 --- a/README.html +++ b/README.html @@ -1,4 +1,4 @@ -By Mark Spencer <markster@digium.com> and the Asterisk.org developer community.
Copyright (C) 2001-2025 Sangoma Technologies Corporation and other copyright holders.
@@ -37,7 +37,7 @@ hardware.
If you are updating from a previous version of Asterisk, make sure you
read the Change Logs.
-
+
NEW INSTALLATIONS
diff --git a/README.md b/README.md
index 13c6b0a98b..40903eadb5 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@ If you are updating from a previous version of Asterisk, make sure you
read the Change Logs.
-[Change Logs](ChangeLogs/ChangeLog-certified-22.8-cert1.html)
+[Change Logs](ChangeLogs/ChangeLog-certified-22.8-cert2.html)
### NEW INSTALLATIONS