-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 04 Jan 2024 18:58:50 +0100
Source: asterisk
Binary: asterisk asterisk-dahdi asterisk-dahdi-dbgsym asterisk-dbgsym asterisk-mobile asterisk-mobile-dbgsym asterisk-modules asterisk-modules-dbgsym asterisk-mp3 asterisk-mp3-dbgsym asterisk-mysql asterisk-mysql-dbgsym asterisk-ooh323 asterisk-ooh323-dbgsym asterisk-tests asterisk-tests-dbgsym asterisk-voicemail asterisk-voicemail-dbgsym asterisk-voicemail-imapstorage asterisk-voicemail-imapstorage-dbgsym asterisk-voicemail-odbcstorage asterisk-voicemail-odbcstorage-dbgsym asterisk-vpb asterisk-vpb-dbgsym
Architecture: mipsel
Version: 1:16.28.0~dfsg-0+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-04)
Changed-By: Markus Koschany
Description:
 asterisk - Open Source Private Branch Exchange (PBX)
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-tests - internal test modules of the Asterisk PBX
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
 asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Changes:
 asterisk (1:16.28.0~dfsg-0+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2023-37457:
     The 'update' functionality of the PJSIP_HEADER dialplan function can
     exceed the available buffer space for storing the new value of a
     header. By doing so this can overwrite memory or cause a crash. This is
     not externally exploitable, unless dialplan is explicitly written to
     update a header based on data from an outside source. If the 'update'
     functionality is not used the vulnerability does not occur.
   * Fix CVE-2023-38703:
     PJSIP is a free and open source multimedia communication library
     written in C with high level API in C, C++, Java, C#, and Python
     languages. SRTP is a higher level media transport which is stacked upon
     a lower level media transport such as UDP and ICE. Currently a higher
     level transport is not synchronized with its lower level transport that
     may introduce a use-after-free issue. This vulnerability affects
     applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and
     use underlying media transport other than UDP. This vulnerability’s
     impact may range from unexpected application termination to control
     flow hijack/memory corruption.
   * Fix CVE-2023-49294:
     It is possible to read any arbitrary file even when the
     `live_dangerously` option is not enabled.
   * Fix CVE-2023-49786:
     Asterisk is susceptible to a DoS due to a race condition in the hello
     handshake phase of the DTLS protocol when handling DTLS-SRTP for media
     setup. This attack can be done continuously, thus denying new DTLS-SRTP
     encrypted calls during the attack. Abuse of this vulnerability may lead
     to a massive Denial of Service on vulnerable Asterisk servers for calls
     that rely on DTLS-SRTP.