[Buildroot] [PATCH] package/asterisk: security bump to version 16.5.1
Peter Korsgaard
peter at korsgaard.com
Tue Sep 17 20:14:11 UTC 2019
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> AST-2019-004: Crash when negotiating for T.38 with a declined stream
> When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint
> responds with a declined media stream a crash will then occur in Asterisk.
> https://downloads.asterisk.org/pub/security/AST-2019-004.pdf
> AST-2019-005: Remote Crash Vulnerability in audio transcoding
> When audio frames are given to the audio transcoding support in Asterisk the
> number of samples are examined and as part of this a message is output to
> indicate that no samples are present. A change was done to suppress this
> message for a particular scenario in which the message was not relevant. This
> change assumed that information about the origin of a frame will always exist
> when in reality it may not.
> https://downloads.asterisk.org/pub/security/AST-2019-005.pdf
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2019.02.x, 2019.05.x and 2019.08.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list