Format: 1.8
Date: Thu, 22 Jun 2023 15:20:18 CEST
Source: asterisk
Architecture: source
Version: 1:16.28.0~dfsg-0+deb11u3
Distribution: bullseye-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 5af9cd06a4c85d9b3b8ec288c8e7c2ad290748f6 4359 asterisk_16.28.0~dfsg-0+deb11u3.dsc
 bd4e5802d389b85b13262cdbc875b9b9db442b00 6839612 asterisk_16.28.0~dfsg-0+deb11u3.debian.tar.xz
 78a4908c41c684a2e9082332f30af873e3229b5c 29104 asterisk_16.28.0~dfsg-0+deb11u3_amd64.buildinfo
Checksums-Sha256:
 11a9e3ad2762153fd16d7b2f464c3b797dfb5d4526a0402597776a1ea912580a 4359 asterisk_16.28.0~dfsg-0+deb11u3.dsc
 836467eb02b0b633c09fcd90392165619a66b9f4d43a523f7258d0c669773dff 6839612 asterisk_16.28.0~dfsg-0+deb11u3.debian.tar.xz
 2189a02cb897e72332819f68c187c7257b520b8b2831579c882714d0f4ea5add 29104 asterisk_16.28.0~dfsg-0+deb11u3_amd64.buildinfo
Changes:
 asterisk (1:16.28.0~dfsg-0+deb11u3) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2023-27585:
     A flaw was found in Asterisk, an Open Source Private Branch Exchange. A
     buffer overflow vulnerability affects users that use PJSIP DNS resolver.
     This vulnerability is related to CVE-2022-24793. The difference is that
     this issue is in parsing the query record `parse_query()`, while the issue
     in CVE-2022-24793 is in `parse_rr()`. A workaround is to disable DNS
     resolution in PJSIP config (by setting `nameserver_count` to zero) or use
     an external resolver implementation instead.
Files:
 7cf2d7f3828dfb6281a288f1ff4e7376 4359 comm optional asterisk_16.28.0~dfsg-0+deb11u3.dsc
 bf646aefb2587e9ac5482dbf61e4a7d3 6839612 comm optional asterisk_16.28.0~dfsg-0+deb11u3.debian.tar.xz
 f05d2564eec3c523c3c9555cc7170e6c 29104 comm optional asterisk_16.28.0~dfsg-0+deb11u3_amd64.buildinfo