[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#969172: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u2

Control: tags -1 + confirmed

On Fri, 2020-08-28 at 16:56 +0200, Bernhard Schmidt wrote:
> I would like to make a stable-update for asterisk.
> 
> It fixes three minor CVEs (marked no-dsa)
> 
> #940060	  CVE-2019-15297: AST-2019-004: Crash when negotiating
> for T.38 with a declined stream
> #947377   CVE-2019-18610: AST-2019-007: AMI user could execute system
> commands
> #947381   CVE-2019-18790: AST-2019-006: SIP request can change
> address of a SIP peer
> 
> It fixes one segmentation fault due to a wrong datatype when IPv6 is
> in use
[...]
> and one use-after-free that causes a misleading error message to
> appear

Please go ahead.

Regards,

Adam
Reply to: