-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 04 Jan 2024 18:58:50 +0100
Source: asterisk
Binary: asterisk asterisk-dahdi asterisk-dahdi-dbgsym asterisk-dbgsym asterisk-mobile asterisk-mobile-dbgsym asterisk-modules asterisk-modules-dbgsym asterisk-mp3 asterisk-mp3-dbgsym asterisk-mysql asterisk-mysql-dbgsym asterisk-ooh323 asterisk-ooh323-dbgsym asterisk-tests asterisk-tests-dbgsym asterisk-voicemail asterisk-voicemail-dbgsym asterisk-voicemail-imapstorage asterisk-voicemail-imapstorage-dbgsym asterisk-voicemail-odbcstorage asterisk-voicemail-odbcstorage-dbgsym asterisk-vpb asterisk-vpb-dbgsym
Architecture: s390x
Version: 1:16.28.0~dfsg-0+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: s390x Build Daemon (zani)
Changed-By: Markus Koschany
Description:
 asterisk - Open Source Private Branch Exchange (PBX)
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-tests - internal test modules of the Asterisk PBX
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
 asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Changes:
 asterisk (1:16.28.0~dfsg-0+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2023-37457:
     The 'update' functionality of the PJSIP_HEADER dialplan function can
     exceed the available buffer space for storing the new value of a header.
     By doing so this can overwrite memory or cause a crash. This is not
     externally exploitable, unless dialplan is explicitly written to update
     a header based on data from an outside source. If the 'update'
     functionality is not used the vulnerability does not occur.
   * Fix CVE-2023-38703:
     PJSIP is a free and open source multimedia communication library written
     in C with high level API in C, C++, Java, C#, and Python languages. SRTP
     is a higher level media transport which is stacked upon a lower level
     media transport such as UDP and ICE. Currently a higher level transport
     is not synchronized with its lower level transport that may introduce a
     use-after-free issue. This vulnerability affects applications that have
     SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media
     transport other than UDP. This vulnerability’s impact may range from
     unexpected application termination to control flow hijack/memory
     corruption.
   * Fix CVE-2023-49294:
     It is possible to read any arbitrary file even when the
     `live_dangerously` option is not enabled.
   * Fix CVE-2023-49786:
     Asterisk is susceptible to a DoS due to a race condition in the hello
     handshake phase of the DTLS protocol when handling DTLS-SRTP for media
     setup. This attack can be done continuously, thus denying new DTLS-SRTP
     encrypted calls during the attack. Abuse of this vulnerability may lead
     to a massive Denial of Service on vulnerable Asterisk servers for calls
     that rely on DTLS-SRTP.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----