-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 04 Jan 2024 18:58:50 +0100
Source: asterisk
Binary: asterisk asterisk-dahdi asterisk-dahdi-dbgsym asterisk-dbgsym asterisk-mobile asterisk-mobile-dbgsym asterisk-modules asterisk-modules-dbgsym asterisk-mp3 asterisk-mp3-dbgsym asterisk-mysql asterisk-mysql-dbgsym asterisk-ooh323 asterisk-ooh323-dbgsym asterisk-tests asterisk-tests-dbgsym asterisk-voicemail asterisk-voicemail-dbgsym asterisk-voicemail-imapstorage asterisk-voicemail-imapstorage-dbgsym asterisk-voicemail-odbcstorage asterisk-voicemail-odbcstorage-dbgsym asterisk-vpb asterisk-vpb-dbgsym
Architecture: armhf
Version: 1:16.28.0~dfsg-0+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: arm Build Daemon (arm-conova-03) <buildd_arm64-arm-conova-03@buildd.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-tests - internal test modules of the Asterisk PBX
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
 asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Changes:
 asterisk (1:16.28.0~dfsg-0+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2023-37457:
     The 'update' functionality of the PJSIP_HEADER dialplan function can exceed
     the available buffer space for storing the new value of a header. By doing
     so this can overwrite memory or cause a crash. This is not externally
     exploitable, unless dialplan is explicitly written to update a header based
     on data from an outside source. If the 'update' functionality is not used
     the vulnerability does not occur.
   * Fix CVE-2023-38703:
     PJSIP is a free and open source multimedia communication library written in
     C with high level API in C, C++, Java, C#, and Python languages. SRTP is a
     higher level media transport which is stacked upon a lower level media
     transport such as UDP and ICE. Currently a higher level transport is not
     synchronized with its lower level transport, which may introduce a
     use-after-free issue. This vulnerability affects applications that have
     SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
     transport other than UDP. This vulnerability’s impact may range from
     unexpected application termination to control flow hijack/memory
     corruption.
   * Fix CVE-2023-49294:
     It is possible to read any arbitrary file even when the `live_dangerously`
     option is not enabled.
   * Fix CVE-2023-49786:
     Asterisk is susceptible to a DoS due to a race condition in the hello
     handshake phase of the DTLS protocol when handling DTLS-SRTP for media
     setup. This attack can be done continuously, thus denying new DTLS-SRTP
     encrypted calls during the attack. Abuse of this vulnerability may lead to
     a massive Denial of Service on vulnerable Asterisk servers for calls that
     rely on DTLS-SRTP.
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----