[Buildroot] [PATCH] package/asterisk: security bump to version 16.5.1
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Sat Sep 7 12:30:02 UTC 2019
On Fri, 6 Sep 2019 17:46:55 +0200
Peter Korsgaard <peter at korsgaard.com> wrote:
> Fixes the following security issues:
>
> AST-2019-004: Crash when negotiating for T.38 with a declined stream
> When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint
> responds with a declined media stream a crash will then occur in Asterisk.
> https://downloads.asterisk.org/pub/security/AST-2019-004.pdf
>
> AST-2019-005: Remote Crash Vulnerability in audio transcoding
> When audio frames are given to the audio transcoding support in Asterisk the
> number of samples are examined and as part of this a message is output to
> indicate that no samples are present. A change was done to suppress this
> message for a particular scenario in which the message was not relevant. This
> change assumed that information about the origin of a frame will always exist
> when in reality it may not.
> https://downloads.asterisk.org/pub/security/AST-2019-005.pdf
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> package/asterisk/asterisk.hash | 2 +-
> package/asterisk/asterisk.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list