-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 22 Jun 2023 14:47:22 +0200 Source: asterisk Binary: asterisk-config asterisk-dev asterisk-doc Architecture: all Version: 1:16.28.0~dfsg-0+deb11u3 Distribution: bullseye-security Urgency: high Maintainer: all Build Daemon (x86-csail-02) Changed-By: Markus Koschany Description: asterisk-config - Configuration files for Asterisk asterisk-dev - Development files for Asterisk asterisk-doc - Source code documentation for Asterisk Changes: asterisk (1:16.28.0~dfsg-0+deb11u3) bullseye-security; urgency=high . * Non-maintainer upload. * Fix CVE-2023-27585: A flaw was found in Asterisk, an Open Source Private Branch Exchange. A buffer overflow vulnerability affects users that use PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead. Checksums-Sha1: ad196e8747df6e8d2f35152f99bc84243d0b01eb 1771032 asterisk-config_16.28.0~dfsg-0+deb11u3_all.deb 73322f4435e61592144dc271167b5367db861eec 1805264 asterisk-dev_16.28.0~dfsg-0+deb11u3_all.deb bb010aaebbb3f5c32ef6fe7df48bdcc79b7a8e1f 909488 asterisk-doc_16.28.0~dfsg-0+deb11u3_all.deb b11413ff7e558766fca2f87a51e8d0995cbb8dd4 20309 asterisk_16.28.0~dfsg-0+deb11u3_all-buildd.buildinfo Checksums-Sha256: 77eb3d8dd1cc1c16924106d1ccf9aa5757571b4918e5d518cb7ce143c8dc3fdc 1771032 asterisk-config_16.28.0~dfsg-0+deb11u3_all.deb 068dc525490a91a1663f4109832421a90fce1f1611ddcce71c8f46d2c3d2dff6 1805264 asterisk-dev_16.28.0~dfsg-0+deb11u3_all.deb 5b5676c5eda801508a68e05c7659a13ad0881a4e50c148c7089aef7b8ae9dd95 909488 asterisk-doc_16.28.0~dfsg-0+deb11u3_all.deb 6d3b330a4cd6314cb6d80b90721cb553afa0f885996b4687119abc9ee5b54e6c 20309 asterisk_16.28.0~dfsg-0+deb11u3_all-buildd.buildinfo Files: 0e8d6d8b21d9fe13403f7df1dfbd47db 1771032 comm optional asterisk-config_16.28.0~dfsg-0+deb11u3_all.deb 060cb7cbfb8f8af0d9a000ef8eaf464e 1805264 devel optional asterisk-dev_16.28.0~dfsg-0+deb11u3_all.deb a1a6d191f66cfb6a03aa9036656dde3b 909488 doc optional asterisk-doc_16.28.0~dfsg-0+deb11u3_all.deb 34bb6acf27ab29ec68a5512162c6d59b 20309 comm optional asterisk_16.28.0~dfsg-0+deb11u3_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtzb3SVunlrB0F8t8ExOkVqF4GXMFAmSUUlAACgkQExOkVqF4 GXO/nBAAhvzwwevT7yW8hdrVNXFMK38A6cSRUatl29WfhkVpXCZF0pTJzvUHAG7m PV5byL7vja9v/ASEoPJ/BY7uGK3x+HzMpZZwbqLl5RBJ432oydHtZNWal0yT92a0 LC6OrVSI7wtI1XdBdkfWsshgCQdxCWuhBQfb45+vqxqXScrMDEAENzpGw7ZAwn2k UgAIJ3xzQ0sXw0lm9hUJGFPm/2nkcLCzMcSel/ISlxdDA2lYT2AishdSyu1+Bytd 1k55vr3NnUM+B2rz6sFzBuePBft9KOWdIXP3TFO+9n01dyRzz5DLLPEFlusClTVK /DghInNnEiC366dSIPaMoB8dnaPUUD3SgG3nI4Fo4ptDKI6z+fIhFAFX98x7h3YC kj1V5uXi39eBagSwAQLdTyoLwTRNMWbVs0c6/+IJnDDOnCcJ3FsKyW8NyKaVk2oh Rw+3/c0yfBQEDNEEc4Iytcbk75peyZDpzQefI09N6xeDNXrR9k8mw214d9lz40S4 XDjNx8DspJMPwpY2pbC/tQdSXxAMElMp7bSxQcwhk7ryhTA8x/qbiP7imVTFJaBl OmVbHs8y6ils7RE3PrzFG6fEYrkZieUOnAd6Nj3vnssaKsOeEoNg5a659TLZS9Gb tMDRmABt7KgwZKPKYcg/0NbjVnhRLedLZC1KyYqRbjXhup/0LWM= =00fd -----END PGP SIGNATURE-----