Format: 1.8
Date: Sun, 20 Oct 2024 16:03:02 +0200
Source: asterisk
Architecture: source
Version: 1:16.28.0~dfsg-0+deb11u5
Distribution: bullseye-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Changes:
 asterisk (1:16.28.0~dfsg-0+deb11u5) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2024-42365
     Fix privilege escalation, remote code execution and/or
     blind server-side request forgery with arbitrary protocol.
   * CVE-2024-42491
     Fix handling of malformed Contact or Record-Route URI in an
     incoming SIP request, which can cause Asterisk to crash when
     res_resolver_unbound is used
   * fix minor privilege escalation in systemd.patch
     (Thanks to Niels Galjaard)
     (-> https://salsa.debian.org/pkg-voip-team/asterisk/-/commit/0617fd6e42767ffef40aae56d6675c8234ba5081)
     (-> https://alioth-lists.debian.net/pipermail/pkg-voip-maintainers/2024-July/038664.html)
Checksums-Sha1:
 a9576716d86c86fe5d049dd28d5253e53e72df72 4367 asterisk_16.28.0~dfsg-0+deb11u5.dsc
 5a45e9184694bfe17159cda89c62f12b98ffb8d2 6873200 asterisk_16.28.0~dfsg-0+deb11u5.debian.tar.xz
 4c06e2dd1c35bde174b4fe08d7c30086135c2536 29280 asterisk_16.28.0~dfsg-0+deb11u5_amd64.buildinfo
Checksums-Sha256:
 b6acb1164da955f40c7fdadcf832a68c0ab7d9d9f3e61d0d873497a83b2aa61e 4367 asterisk_16.28.0~dfsg-0+deb11u5.dsc
 3aee917b00c94652573fae3de62ba1814b26afb7f79924b77212a4dfda0ad6e4 6873200 asterisk_16.28.0~dfsg-0+deb11u5.debian.tar.xz
 890e61366565c88d4656b96d86ab003349245e3b3f7264c7d8b61176fa747bf2 29280 asterisk_16.28.0~dfsg-0+deb11u5_amd64.buildinfo
Files:
 5128772a7266e61c16495f91c5894941 4367 comm optional asterisk_16.28.0~dfsg-0+deb11u5.dsc
 9464da58b8a93983efedc6473081f1c1 6873200 comm optional asterisk_16.28.0~dfsg-0+deb11u5.debian.tar.xz
 3a6f91b7a85cb2a614dbe9ccc1b4a552 29280 comm optional asterisk_16.28.0~dfsg-0+deb11u5_amd64.buildinfo