-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 04 Jan 2024 18:58:50 +0100
Source: asterisk
Binary: asterisk asterisk-dahdi asterisk-dahdi-dbgsym asterisk-dbgsym asterisk-mobile asterisk-mobile-dbgsym asterisk-modules asterisk-modules-dbgsym asterisk-mp3 asterisk-mp3-dbgsym asterisk-mysql asterisk-mysql-dbgsym asterisk-ooh323 asterisk-ooh323-dbgsym asterisk-tests asterisk-tests-dbgsym asterisk-voicemail asterisk-voicemail-dbgsym asterisk-voicemail-imapstorage asterisk-voicemail-imapstorage-dbgsym asterisk-voicemail-odbcstorage asterisk-voicemail-odbcstorage-dbgsym asterisk-vpb asterisk-vpb-dbgsym
Architecture: armel
Version: 1:16.28.0~dfsg-0+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: arm Build Daemon (arm-arm-03)
Changed-By: Markus Koschany
Description:
 asterisk - Open Source Private Branch Exchange (PBX)
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-tests - internal test modules of the Asterisk PBX
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
 asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Changes:
 asterisk (1:16.28.0~dfsg-0+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2023-37457:
     The 'update' functionality of the PJSIP_HEADER dialplan function can
     exceed the available buffer space for storing the new value of a header.
     By doing so this can overwrite memory or cause a crash. This is not
     externally exploitable, unless dialplan is explicitly written to update
     a header based on data from an outside source. If the 'update'
     functionality is not used the vulnerability does not occur.
   * Fix CVE-2023-38703:
     PJSIP is a free and open source multimedia communication library written
     in C with high level API in C, C++, Java, C#, and Python languages. SRTP
     is a higher level media transport which is stacked upon a lower level
     media transport such as UDP and ICE. Currently a higher level transport
     is not synchronized with its lower level transport that may introduce a
     use-after-free issue. This vulnerability affects applications that have
     SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
     transport other than UDP. This vulnerability’s impact may range from
     unexpected application termination to control flow hijack/memory
     corruption.
   * Fix CVE-2023-49294:
     It is possible to read any arbitrary file even when the
     `live_dangerously` option is not enabled.
   * Fix CVE-2023-49786:
     Asterisk is susceptible to a DoS due to a race condition in the hello
     handshake phase of the DTLS protocol when handling DTLS-SRTP for media
     setup. This attack can be done continuously, thus denying new DTLS-SRTP
     encrypted calls during the attack. Abuse of this vulnerability may lead
     to a massive Denial of Service on vulnerable Asterisk servers for calls
     that rely on DTLS-SRTP.