-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 04 Jan 2024 18:58:50 +0100
Source: asterisk
Binary: asterisk asterisk-dahdi asterisk-dahdi-dbgsym asterisk-dbgsym asterisk-mobile asterisk-mobile-dbgsym asterisk-modules asterisk-modules-dbgsym asterisk-mp3 asterisk-mp3-dbgsym asterisk-mysql asterisk-mysql-dbgsym asterisk-ooh323 asterisk-ooh323-dbgsym asterisk-tests asterisk-tests-dbgsym asterisk-voicemail asterisk-voicemail-dbgsym asterisk-voicemail-imapstorage asterisk-voicemail-imapstorage-dbgsym asterisk-voicemail-odbcstorage asterisk-voicemail-odbcstorage-dbgsym asterisk-vpb asterisk-vpb-dbgsym
Architecture: mips64el
Version: 1:16.28.0~dfsg-0+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-03)
Changed-By: Markus Koschany
Description:
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-tests - internal test modules of the Asterisk PBX
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
 asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Changes:
 asterisk (1:16.28.0~dfsg-0+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2023-37457:
     The 'update' functionality of the PJSIP_HEADER dialplan function can
     exceed the available buffer space for storing the new value of a
     header. By doing so this can overwrite memory or cause a crash. This is
     not externally exploitable, unless dialplan is explicitly written to
     update a header based on data from an outside source. If the 'update'
     functionality is not used the vulnerability does not occur.
   * Fix CVE-2023-38703:
     PJSIP is a free and open source multimedia communication library
     written in C with high level API in C, C++, Java, C#, and Python
     languages. SRTP is a higher level media transport which is stacked upon
     a lower level media transport such as UDP and ICE. Currently a higher
     level transport is not synchronized with its lower level transport that
     may introduce a use-after-free issue. This vulnerability affects
     applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and
     use underlying media transport other than UDP. This vulnerability’s
     impact may range from unexpected application termination to control
     flow hijack/memory corruption.
   * Fix CVE-2023-49294:
     It is possible to read any arbitrary file even when the
     `live_dangerously` option is not enabled.
   * Fix CVE-2023-49786:
     Asterisk is susceptible to a DoS due to a race condition in the hello
     handshake phase of the DTLS protocol when handling DTLS-SRTP for media
     setup. This attack can be done continuously, thus denying new DTLS-SRTP
     encrypted calls during the attack. Abuse of this vulnerability may lead
     to a massive Denial of Service on vulnerable Asterisk servers for calls
     that rely on DTLS-SRTP.