Format: 1.8
Date: Thu, 04 Jan 2024 18:58:50 +0100
Source: asterisk
Binary: asterisk asterisk-dahdi asterisk-dahdi-dbgsym asterisk-dbgsym asterisk-mobile asterisk-mobile-dbgsym asterisk-modules asterisk-modules-dbgsym asterisk-mp3 asterisk-mp3-dbgsym asterisk-mysql asterisk-mysql-dbgsym asterisk-ooh323 asterisk-ooh323-dbgsym asterisk-tests asterisk-tests-dbgsym asterisk-voicemail asterisk-voicemail-dbgsym asterisk-voicemail-imapstorage asterisk-voicemail-imapstorage-dbgsym asterisk-voicemail-odbcstorage asterisk-voicemail-odbcstorage-dbgsym asterisk-vpb asterisk-vpb-dbgsym
Architecture: arm64
Version: 1:16.28.0~dfsg-0+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: arm Build Daemon (arm-conova-04)
Changed-By: Markus Koschany
Description:
 asterisk - Open Source Private Branch Exchange (PBX)
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-tests - internal test modules of the Asterisk PBX
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
 asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Changes:
 asterisk (1:16.28.0~dfsg-0+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2023-37457: The 'update' functionality of the PJSIP_HEADER dialplan
     function can exceed the available buffer space for storing the new value of
     a header. By doing so this can overwrite memory or cause a crash.
     This is not externally exploitable, unless dialplan is explicitly written to
     update a header based on data from an outside source. If the 'update'
     functionality is not used the vulnerability does not occur.
   * Fix CVE-2023-38703: PJSIP is a free and open source multimedia communication
     library written in C with high level API in C, C++, Java, C#, and Python
     languages. SRTP is a higher level media transport which is stacked upon a
     lower level media transport such as UDP and ICE. Currently a higher level
     transport is not synchronized with its lower level transport that may
     introduce a use-after-free issue. This vulnerability affects applications
     that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying
     media transport other than UDP. This vulnerability's impact may range from
     unexpected application termination to control flow hijack/memory corruption.
   * Fix CVE-2023-49294: It is possible to read any arbitrary file even when the
     `live_dangerously` option is not enabled.
   * Fix CVE-2023-49786: Asterisk is susceptible to a DoS due to a race condition
     in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for
     media setup. This attack can be done continuously, thus denying new DTLS-SRTP
     encrypted calls during the attack. Abuse of this vulnerability may lead to a
     massive Denial of Service on vulnerable Asterisk servers for calls that rely
     on DTLS-SRTP.