Bug#969172: buster-pu: package asterisk/1:16.2.1~dfsg-1+deb10u2
On Tue, 2020-09-01 at 15:14 +0200, Bernhard Schmidt wrote:
> Dear Adam,
> > On Fri, 2020-08-28 at 16:56 +0200, Bernhard Schmidt wrote:
> > > I would like to make a stable-update for asterisk.
> > >
> > > It fixes three minor CVEs (marked no-dsa)
> > >
> > > #940060 CVE-2019-15297: AST-2019-004: Crash when negotiating
> > > for T.38 with a declined stream
> > > #947377 CVE-2019-18610: AST-2019-007: AMI user could execute
> > > system
> > > commands
> > > #947381 CVE-2019-18790: AST-2019-006: SIP request can change
> > > address of a SIP peer
> > >
> > > It fixes one segmentation fault due to a wrong datatype when IPv6
> > > is
> > > in use
> > [...]
> > > and one use-after-free that causes a misleading error message to
> > > appear
> >
> > Please go ahead.
>
> Thanks, upload has been ACCEPTED and built on all architectures.
I think there may be some confusion. The new upload hasn't been built
on any architecture yet, as it's still in the stable-new queue awaiting
final review and acceptance:
asterisk | 1:16.2.1~dfsg-1+deb10u2 | stable-new | source
Regards,
Adam
Reply to: