-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 22 Jun 2023 15:20:18 CEST
Source: asterisk
Architecture: source
Version: 1:16.28.0~dfsg-0+deb11u3
Distribution: bullseye-security
Urgency: high
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 5af9cd06a4c85d9b3b8ec288c8e7c2ad290748f6 4359 asterisk_16.28.0~dfsg-0+deb11u3.dsc
 bd4e5802d389b85b13262cdbc875b9b9db442b00 6839612 asterisk_16.28.0~dfsg-0+deb11u3.debian.tar.xz
 78a4908c41c684a2e9082332f30af873e3229b5c 29104 asterisk_16.28.0~dfsg-0+deb11u3_amd64.buildinfo
Checksums-Sha256:
 11a9e3ad2762153fd16d7b2f464c3b797dfb5d4526a0402597776a1ea912580a 4359 asterisk_16.28.0~dfsg-0+deb11u3.dsc
 836467eb02b0b633c09fcd90392165619a66b9f4d43a523f7258d0c669773dff 6839612 asterisk_16.28.0~dfsg-0+deb11u3.debian.tar.xz
 2189a02cb897e72332819f68c187c7257b520b8b2831579c882714d0f4ea5add 29104 asterisk_16.28.0~dfsg-0+deb11u3_amd64.buildinfo
Changes:
 asterisk (1:16.28.0~dfsg-0+deb11u3) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2023-27585:
     A flaw was found in Asterisk, an Open Source Private Branch Exchange. A
     buffer overflow vulnerability affects users that use PJSIP DNS resolver.
     This vulnerability is related to CVE-2022-24793. The difference is that
     this issue is in parsing the query record `parse_query()`, while the issue
     in CVE-2022-24793 is in `parse_rr()`. A workaround is to disable DNS
     resolution in PJSIP config (by setting `nameserver_count` to zero) or use
     an external resolver implementation instead.
Files:
 7cf2d7f3828dfb6281a288f1ff4e7376 4359 comm optional asterisk_16.28.0~dfsg-0+deb11u3.dsc
 bf646aefb2587e9ac5482dbf61e4a7d3 6839612 comm optional asterisk_16.28.0~dfsg-0+deb11u3.debian.tar.xz
 f05d2564eec3c523c3c9555cc7170e6c 29104 comm optional asterisk_16.28.0~dfsg-0+deb11u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmSUSrBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkQtEQAIJEW01tWa6K5wUGkHpQUkobzSR2OlebCQAO
Y1G/EGDpWcTmEeSyoZtEJXmV/jiq/jPQF6u8dtlzfiK6v+sAbqrLrZe5J06s8cCc
8/fwZc3i8qr7cpk44Q1wUIAMMGI4bUqo0LKZthsUzwLGSt9UrFh2Mdm5ONDGs2dp
R4G1A5Ww5u/3Ws89NnZe3ZLdqIwq0s+uxXUS+UUXLPnSJgYiyUDYA0Wxm5pWJ1vg
0ooS5JIi4XZlUZDQN3Z86g3qkmuYW8b0tLmUFhpAOfJge9Wksmz8ul88IqW1U6W1
ZrMZO9uA1Vpenog2VWaWPmO50OOJB+1GmneoISboa/U4qjnuq4rLjczP/UNPuJdf
K9OV4V1A45/yZnBIZ91/SYAOa4yVyiH8YEoGhlzTJ9lxT7xbZodduIIg8InfYALR
+dPmkcqKUOxsh9tHPAsV/EHm35nV0LFY1U1CjIUbjEpblhdZpgkKlONZBClKc2MK
6MV/eKKhZNOpWf8CKMLNd5Xvn21V4EVr7oY7W3hK0BnT7px2cEhNdM/S1wEa3gBZ
MRMBpWls9qsYUQZP+mwh8eJ27E/7q536HWmomVOlYjFbXOkaoEclqyP1OV3kAJzw
SGqme/weLkQDq6mbqSMH4rPP8Ua/avVPOwL3vCC206ggzsKvL44bUAbDKLZitFAi
tEKZBRuh
=5IlV
-----END PGP SIGNATURE-----