Bug#969172: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u2
Control: tags -1 + confirmed
On Fri, 2020-08-28 at 16:56 +0200, Bernhard Schmidt wrote:
> I would like to make a stable-update for asterisk.
>
> It fixes three minor CVEs (marked no-dsa)
>
> #940060 CVE-2019-15297: AST-2019-004: Crash when negotiating
> for T.38 with a declined stream
> #947377 CVE-2019-18610: AST-2019-007: AMI user could execute system
> commands
> #947381 CVE-2019-18790: AST-2019-006: SIP request can change
> address of a SIP peer
>
> It fixes one segmentation fault due to a wrong datatype when IPv6 is
> in use
[...]
> and one use-after-free that causes a misleading error message to
> appear
Please go ahead.
Regards,
Adam
Reply to: