Bug#969172: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u2

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 969172@bugs.debian.org
Subject: Bug#969172: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u2
From: Bernhard Schmidt <berni@debian.org>
Date: Tue, 1 Sep 2020 15:14:27 +0200
Message-id: <[🔎] fbf1e2cc-a9ee-9cff-0b1c-620729cbc735@debian.org>
Reply-to: Bernhard Schmidt <berni@debian.org>, 969172@bugs.debian.org
In-reply-to: <e1de9c1621ef41bffe27a211ab2e6d6f07934990.camel@adam-barratt.org.uk>
References: <159862659872.25024.4832889345044598418.reportbug@fliwatuet.svr02.mucip.net> <e1de9c1621ef41bffe27a211ab2e6d6f07934990.camel@adam-barratt.org.uk> <159862659872.25024.4832889345044598418.reportbug@fliwatuet.svr02.mucip.net>

Dear Adam,
> On Fri, 2020-08-28 at 16:56 +0200, Bernhard Schmidt wrote:
>> I would like to make a stable-update for asterisk.
>>
>> It fixes three minor CVEs (marked no-dsa)
>>
>> #940060	  CVE-2019-15297: AST-2019-004: Crash when negotiating
>> for T.38 with a declined stream
>> #947377   CVE-2019-18610: AST-2019-007: AMI user could execute system
>> commands
>> #947381   CVE-2019-18790: AST-2019-006: SIP request can change
>> address of a SIP peer
>>
>> It fixes one segmentation fault due to a wrong datatype when IPv6 is
>> in use
> [...]
>> and one use-after-free that causes a misleading error message to
>> appear
> 
> Please go ahead.

Thanks, upload has been ACCEPTED and built on all architectures.

Bernhard

Reply to:

Follow-Ups:
- Bug#969172: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u2
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Bug#969158: expeyes: maybe a false positive generated by mail_autoremovals.pl?
Next by Date: Bug#969172: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u2
Previous by thread: Bug#969158: expeyes: maybe a false positive generated by mail_autoremovals.pl?
Next by thread: Bug#969172: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u2
Index(es):
- Date
- Thread