-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 04 Jan 2024 18:58:50 +0100
Source: asterisk
Binary: asterisk asterisk-dahdi asterisk-dahdi-dbgsym asterisk-dbgsym asterisk-mobile asterisk-mobile-dbgsym asterisk-modules asterisk-modules-dbgsym asterisk-mp3 asterisk-mp3-dbgsym asterisk-mysql asterisk-mysql-dbgsym asterisk-ooh323 asterisk-ooh323-dbgsym asterisk-tests asterisk-tests-dbgsym asterisk-voicemail asterisk-voicemail-dbgsym asterisk-voicemail-imapstorage asterisk-voicemail-imapstorage-dbgsym asterisk-voicemail-odbcstorage asterisk-voicemail-odbcstorage-dbgsym asterisk-vpb asterisk-vpb-dbgsym
Architecture: amd64
Version: 1:16.28.0~dfsg-0+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-tests - internal test modules of the Asterisk PBX
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
 asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Changes:
 asterisk (1:16.28.0~dfsg-0+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2023-37457:
     The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
     the available buffer space for storing the new value of a header. By doing
     so this can overwrite memory or cause a crash. This is not externally
     exploitable, unless dialplan is explicitly written to update a header based
     on data from an outside source. If the 'update' functionality is not used
     the vulnerability does not occur.
   * Fix CVE-2023-38703:
     PJSIP is a free and open source multimedia communication library written in
     C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
     higher level media transport which is stacked upon a lower level media
     transport such as UDP and ICE. Currently a higher level transport is not
     synchronized with its lower level transport that may introduce a
     use-after-free issue. This vulnerability affects applications that have
     SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
     transport other than UDP. This vulnerability’s impact may range from
     unexpected application termination to control flow hijack/memory
     corruption.
   * Fix CVE-2023-49294:
     It is possible to read any arbitrary file even when the `live_dangerously`
     option is not enabled.
   * Fix CVE-2023-49786:
     Asterisk is susceptible to a DoS due to a race condition in the hello
     handshake phase of the DTLS protocol when handling DTLS-SRTP for media
     setup. This attack can be done continuously, thus denying new DTLS-SRTP
     encrypted calls during the attack. Abuse of this vulnerability may lead to
     a massive Denial of Service on vulnerable Asterisk servers for calls that
     rely on DTLS-SRTP.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----