Bug#969172: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u2
Dear Adam,
> On Fri, 2020-08-28 at 16:56 +0200, Bernhard Schmidt wrote:
>> I would like to make a stable-update for asterisk.
>>
>> It fixes three minor CVEs (marked no-dsa)
>>
>> #940060 CVE-2019-15297: AST-2019-004: Crash when negotiating
>> for T.38 with a declined stream
>> #947377 CVE-2019-18610: AST-2019-007: AMI user could execute system
>> commands
>> #947381 CVE-2019-18790: AST-2019-006: SIP request can change
>> address of a SIP peer
>>
>> It fixes one segmentation fault due to a wrong datatype when IPv6 is
>> in use
> [...]
>> and one use-after-free that causes a misleading error message to
>> appear
>
> Please go ahead.
Thanks, upload has been ACCEPTED and built on all architectures.
Bernhard
Reply to: