-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 04 Jan 2024 18:58:50 +0100
Source: asterisk
Binary: asterisk asterisk-dahdi asterisk-dahdi-dbgsym asterisk-dbgsym asterisk-mobile asterisk-mobile-dbgsym asterisk-modules asterisk-modules-dbgsym asterisk-mp3 asterisk-mp3-dbgsym asterisk-mysql asterisk-mysql-dbgsym asterisk-ooh323 asterisk-ooh323-dbgsym asterisk-tests asterisk-tests-dbgsym asterisk-voicemail asterisk-voicemail-dbgsym asterisk-voicemail-imapstorage asterisk-voicemail-imapstorage-dbgsym asterisk-voicemail-odbcstorage asterisk-voicemail-odbcstorage-dbgsym asterisk-vpb asterisk-vpb-dbgsym
Architecture: i386
Version: 1:16.28.0~dfsg-0+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: i386 Build Daemon (x86-grnet-01)
Changed-By: Markus Koschany
Description:
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-tests - internal test modules of the Asterisk PBX
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
 asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Changes:
 asterisk (1:16.28.0~dfsg-0+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2023-37457:
     The 'update' functionality of the PJSIP_HEADER dialplan function can
     exceed the available buffer space for storing the new value of a header.
     By doing so this can overwrite memory or cause a crash. This is not
     externally exploitable, unless dialplan is explicitly written to update
     a header based on data from an outside source. If the 'update'
     functionality is not used the vulnerability does not occur.
   * Fix CVE-2023-38703:
     PJSIP is a free and open source multimedia communication library written
     in C with high level API in C, C++, Java, C#, and Python languages. SRTP
     is a higher level media transport which is stacked upon a lower level
     media transport such as UDP and ICE. Currently a higher level transport
     is not synchronized with its lower level transport that may introduce a
     use-after-free issue. This vulnerability affects applications that have
     SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
     transport other than UDP. This vulnerability's impact may range from
     unexpected application termination to control flow hijack/memory
     corruption.
   * Fix CVE-2023-49294:
     It is possible to read any arbitrary file even when the
     `live_dangerously` option is not enabled.
   * Fix CVE-2023-49786:
     Asterisk is susceptible to a DoS due to a race condition in the hello
     handshake phase of the DTLS protocol when handling DTLS-SRTP for media
     setup. This attack can be done continuously, thus denying new DTLS-SRTP
     encrypted calls during the attack. Abuse of this vulnerability may lead
     to a massive Denial of Service on vulnerable Asterisk servers for calls
     that rely on DTLS-SRTP.
Checksums-Sha1:
 5a2d2c3c37866c3c2d265b1f2e168735d86508dd 584824 asterisk-dahdi-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 e2820faa7ff602801e9ffe61f6e84c27949beca9 1593764 asterisk-dahdi_16.28.0~dfsg-0+deb11u4_i386.deb
 8afd09a18c7d84ae8183df67bc2ba5b95b5a0ae9 6184604 asterisk-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 d608b9d615fff52ae4c0a063d82692b70d4c2d04 81340 asterisk-mobile-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 643a0113907ea8169f2c1149168807b7be3f866f 1376840 asterisk-mobile_16.28.0~dfsg-0+deb11u4_i386.deb
 678959a3c4c285718db47b5244d3d2bdbd3a4824 9150196 asterisk-modules-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 e61ef00da11ded67778a7ce9c6688d1f78ba29a7 4033048 asterisk-modules_16.28.0~dfsg-0+deb11u4_i386.deb
 904c099fe1ce157f05cf461ba15dfdddd88dd422 47012 asterisk-mp3-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 ff7693a55405c411c6d2d42d53a7d93f75cd0b55 1360036 asterisk-mp3_16.28.0~dfsg-0+deb11u4_i386.deb
 5f66eceb2fc67e2fbe52934452dd76cbfc978dc3 124124 asterisk-mysql-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 58dcac2c53cbd7793898fc2abd462239ea07f25b 1376380 asterisk-mysql_16.28.0~dfsg-0+deb11u4_i386.deb
 c230280370acd46d5c134455897923243c46ac45 1223412 asterisk-ooh323-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 8f1f9957ecf5ab07ce2dd0958907f4e915f2aaf0 1712168 asterisk-ooh323_16.28.0~dfsg-0+deb11u4_i386.deb
 6e17683da401dc9f27ad58ca3537d80bdfd66ed3 1156676 asterisk-tests-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 083b6a719a989494e48974b213ce48f8bb163ad9 1782552 asterisk-tests_16.28.0~dfsg-0+deb11u4_i386.deb
 ca12aa47bb5612b6161ebe6e7e1da654363e8da6 238696 asterisk-voicemail-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 909f1665396bd98543c4f2c40baf72489ddbadaf 282172 asterisk-voicemail-imapstorage-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 818f890bfb40808aea22e18a11c5cc2fcb584077 1454628 asterisk-voicemail-imapstorage_16.28.0~dfsg-0+deb11u4_i386.deb
 c1280b24854c9ffa3aed4c01809be9f728c354f3 249608 asterisk-voicemail-odbcstorage-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 d0d7a6f7e5053343741af80dedfaffa8930f486e 1442688 asterisk-voicemail-odbcstorage_16.28.0~dfsg-0+deb11u4_i386.deb
 07b2cfb755f6d22675c18b3f9842622998e79dd7 1436956 asterisk-voicemail_16.28.0~dfsg-0+deb11u4_i386.deb
 ae503289cd24c2411569b19ea9d7fd4860effcdd 65172 asterisk-vpb-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 2cafb1766568052d5e2e9c556d62d0e90b33ed90 1365676 asterisk-vpb_16.28.0~dfsg-0+deb11u4_i386.deb
 574b15a58c81e8a4ee48863a6b9ef2196c9879e4 27733 asterisk_16.28.0~dfsg-0+deb11u4_i386-buildd.buildinfo
 f1125591983593e2dddef0096e4e0013d7339d88 2514068 asterisk_16.28.0~dfsg-0+deb11u4_i386.deb
Checksums-Sha256:
 046d0f877a9da64902a3957bc9b6a3dd2eb84aafe1531761f825bcb998cee359 584824 asterisk-dahdi-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 af52dd586d084fb0409e1ca318e742e96d125a92458e3d0fecfc8c7a81fea378 1593764 asterisk-dahdi_16.28.0~dfsg-0+deb11u4_i386.deb
 1dd8de3847bd9b95bc482e89ecd903747782bfe8a92f25a49fb0ae59b277ae1c 6184604 asterisk-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 e7f6d6c40e1b790171ed2c1af6a1092b566cb5ea2d0d27f0e9a69c745f2cbb46 81340 asterisk-mobile-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 8b940cd10a0abcaaa71e22bf9bce85495693d58f1e5d143b5bea031eacafb43d 1376840 asterisk-mobile_16.28.0~dfsg-0+deb11u4_i386.deb
 d6c6a13fd5f58695be8ea823671465f6eabc023c97d6f214f7174b55a75da459 9150196 asterisk-modules-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 0c5ce83e82bfa6d0a332f189cf63a5b526eef8fe7e750497283cc5695274505f 4033048 asterisk-modules_16.28.0~dfsg-0+deb11u4_i386.deb
 641ec194c1ada9b51cf0d80c4711be364f83ce334836dad832f662367bf3942d 47012 asterisk-mp3-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 56f06a340b6e91ddbbad7c0d4d991dc14eb4b37281c3a23660df4d93b87a5c73 1360036 asterisk-mp3_16.28.0~dfsg-0+deb11u4_i386.deb
 06717daa982f8dc4a88b29ef1fc39687e74ab08d0e588610c0b4047e553c1163 124124 asterisk-mysql-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 f5bb99b68cfe4fd8444d02aba08675e50990f000f8d5e5f7040a395031d3f3a3 1376380 asterisk-mysql_16.28.0~dfsg-0+deb11u4_i386.deb
 685e25ba0db3ce7556ef49b6109cb450d9181bb206773acceb350edf2d140829 1223412 asterisk-ooh323-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 c0f34821c3f9d33ea4b52a3d1949ec609cbc832f2a504405d68196bcb18ad57d 1712168 asterisk-ooh323_16.28.0~dfsg-0+deb11u4_i386.deb
 49f5fc6c651938e6b3dc99173fe3f86e9211589110ad9a2763d04ed016654fb3 1156676 asterisk-tests-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 6d5686361f8a028d21348cc91cb9ddb838580329441daf886d0117ddf18c5172 1782552 asterisk-tests_16.28.0~dfsg-0+deb11u4_i386.deb
 9374bc6328ef78fedf638846af8d1f3bda3a7f13c3908b8c6a70ed65a89b2199 238696 asterisk-voicemail-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 8f2b3e1b583809f572adcb2d21e89deee5b5d9aeb71798d4b632ea12e959f699 282172 asterisk-voicemail-imapstorage-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 676e0aba6b61fb1d2f5e651fcd50d27099e7580ca9be21831caa6f1efd1166c1 1454628 asterisk-voicemail-imapstorage_16.28.0~dfsg-0+deb11u4_i386.deb
 81de4b4c6cbe547717459da45412603e843e24e5f9532759cad8dfd21fe1fe16 249608 asterisk-voicemail-odbcstorage-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 486cee168ea83db00b29bf2cc1f4edd0090ef3416bc2c6610f42b3f75d697dc0 1442688 asterisk-voicemail-odbcstorage_16.28.0~dfsg-0+deb11u4_i386.deb
 1184b147bae925d30ba69a0b3ee9580f002472d2faded434ef8ebd5a9e99df8e 1436956 asterisk-voicemail_16.28.0~dfsg-0+deb11u4_i386.deb
 5b2bd6ba7af2195c274ab821204b88c052a040ae3533a141a90f3ddb983cbb36 65172 asterisk-vpb-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 bc60a79f7774e54f18ecb655f447f3860d2e9f956e6ea307695462764a076efd 1365676 asterisk-vpb_16.28.0~dfsg-0+deb11u4_i386.deb
 dace8b4de7558a6fecc6458bfcd6a66a9f0ad02e2e6b0c7b920cb48fc151bed8 27733 asterisk_16.28.0~dfsg-0+deb11u4_i386-buildd.buildinfo
 2ad092ae74571c713332875d82f7a70df4994b3766dd21530e260127bd40bde5 2514068 asterisk_16.28.0~dfsg-0+deb11u4_i386.deb
Files:
 b30bc8da41bc8ead9499eb75a3037547 584824 debug optional asterisk-dahdi-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 4470c0d3e492c4b9d02195d4aa4d4275 1593764 comm optional asterisk-dahdi_16.28.0~dfsg-0+deb11u4_i386.deb
 9b7af1648441a52ceb97beb5cd6a5110 6184604 debug optional asterisk-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 f893470ad64628d09b3fe969480fce09 81340 debug optional asterisk-mobile-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 2dd67cd9724b287bc37bd2381bbb36e4 1376840 comm optional asterisk-mobile_16.28.0~dfsg-0+deb11u4_i386.deb
 e273c5f38f44f2566b7424dedc8b4a72 9150196 debug optional asterisk-modules-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 0537f7b5f80dc188b65415cc636fbadd 4033048 libs optional asterisk-modules_16.28.0~dfsg-0+deb11u4_i386.deb
 473a5be43ec57ceb6cd4982de3dfdc25 47012 debug optional asterisk-mp3-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 fd66402c532114ac36463790354e3baa 1360036 comm optional asterisk-mp3_16.28.0~dfsg-0+deb11u4_i386.deb
 9e064c3b0380daf8c77dbcad06580d1c 124124 debug optional asterisk-mysql-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 40c74639a6be7ffe85c4bc3cd6d4b7e9 1376380 comm optional asterisk-mysql_16.28.0~dfsg-0+deb11u4_i386.deb
 2d79a50cb8725a4c0dd12a825030e62f 1223412 debug optional asterisk-ooh323-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 f762037ad7b23e04c97c8a507b9ec718 1712168 comm optional asterisk-ooh323_16.28.0~dfsg-0+deb11u4_i386.deb
 63dc89c55edafad26a1de16e68488485 1156676 debug optional asterisk-tests-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 28f22396e462fd8156541ea12de8cff2 1782552 comm optional asterisk-tests_16.28.0~dfsg-0+deb11u4_i386.deb
 1f19e1a9a9441ca40f1a21d3fc8adebc 238696 debug optional asterisk-voicemail-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 e818fe728ffd2832d809a208ba8108b7 282172 debug optional asterisk-voicemail-imapstorage-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 9a530b802eb5703b1d9ec024f8dcf9f3 1454628 comm optional asterisk-voicemail-imapstorage_16.28.0~dfsg-0+deb11u4_i386.deb
 1c85ff546994ed2633384f214b2f8b0f 249608 debug optional asterisk-voicemail-odbcstorage-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 7fb5271cfaede3bfd1fae8883f4de957 1442688 comm optional asterisk-voicemail-odbcstorage_16.28.0~dfsg-0+deb11u4_i386.deb
 d50975cc57b7566348a4a408ea468cae 1436956 comm optional asterisk-voicemail_16.28.0~dfsg-0+deb11u4_i386.deb
 776fe3f94700095988c9ab726a34b803 65172 debug optional asterisk-vpb-dbgsym_16.28.0~dfsg-0+deb11u4_i386.deb
 817ae32f3b534a3c117b58f45d4d7a89 1365676 comm optional asterisk-vpb_16.28.0~dfsg-0+deb11u4_i386.deb
 f67824709cfb8c78534739e799685f73 27733 comm optional asterisk_16.28.0~dfsg-0+deb11u4_i386-buildd.buildinfo
 d4f20fea9b99b1fee8dc2b936704dc16 2514068 comm optional asterisk_16.28.0~dfsg-0+deb11u4_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEqYm4ZPyuLwhx8Meo2VckltclZ4AFAmWW/KMACgkQ2Vckltcl
Z4AndBAAlyg34E35EW/EC2P7Fc7tX3DqITvCoIdbz+AeVMfpSUY6FF8qqrwuAYVS
cUAJfDyPUbXApXPIzjKn9U53OeqX/23C8xg9TUWkDW65AgE9kiVmesRRd/BZYXlb
3HRb9DaJHgR9Wmv3WA9adZkdB8yf+ApaVA7/hcn82p1tpIFaEEwRH+UJFjdBK4bA
Ivxl3BOdAH2tMTW/WHdAJUKmtOlm3d8yUjpgNHFzA+B492lH7gtgKh4+k7dJGS6/
AdoOcOdMX2zAC7JVb7bLdlfCz0lxsTIpS4L1RoUFZ0laDvJkJMQo5BHM+MBU51xu
5blLVvQIvWfGLwqXsHy/d8LuuFF9JDccge+Hc9s0QvSs1YOU7/rsu45A3L7MadMo
AA8nqM8sfEilwY9qzgybqD77jYiR1+6RO5/+VH7+rNfJ3tgXxVuyWNEek0r1IoEm
kjZNOidGVpa4FaHejOTCnC2lSOPwO7cB3wkOrxeu6NBbm9vn2od6axqaVSHL+lli
DppMabfKlz4hEpFXxaw7a3HDrF363gTf2UuRWb+5pRlTQm94EMssXG7sZ1ZEzSxZ
nv7ER4aYv9vGOP8upxygFPeNS6L38+XNvpWDE0Al83s5dK7xeDnWPT8io1h1T4Ag
v2BINfxT/cKfEpTCNpKBcwAAH4Vz5WFFWND6Hu5LktUsTuWB4jA=
=oUBO
-----END PGP SIGNATURE-----