[Buildroot] [PATCH] package/asterisk: security bump to version 16.30.1
Yann E. MORIN
yann.morin.1998 at free.fr
Sun Sep 17 12:43:45 UTC 2023
Peter, All,
On 2023-09-17 11:02 +0200, Peter Korsgaard spake thusly:
> Fixes the following security vulnerabilities:
>
> CVE-2022-23537: Heap buffer overflow when decoding STUN message in pjproject
When I read "pjproject", I thnk "libpjsip". Is it realated? If so, is it
impacted? If so, should we get a fix for it too?
Applied to master, thanks.
Regards,
Yann E. MORIN.
> Possible buffer overread when parsing a specially crafted STUN message with
> unknown attribute. The vulnerability affects Asterisk users using ICE
> and/or WebRTC.
>
> https://github.com/asterisk/asterisk/security/advisories/GHSA-4xjp-22g4-9fxm
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> package/asterisk/asterisk.hash | 2 +-
> package/asterisk/asterisk.mk | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/package/asterisk/asterisk.hash b/package/asterisk/asterisk.hash
> index 98ee3bdc71..41e1da2962 100644
> --- a/package/asterisk/asterisk.hash
> +++ b/package/asterisk/asterisk.hash
> @@ -1,5 +1,5 @@
> # Locally computed
> -sha256 9b93006a87be9c29492299118200e4f66c8369851c66a50fdef5b15dfc4eb2c2 asterisk-16.29.1.tar.gz
> +sha256 ef1ddc07dc02bb0c5f5ba58a5e42e42bcb63e55ac94199be8e3b5d3910f43736 asterisk-16.30.1.tar.gz
>
> # sha1 from: http://downloads.asterisk.org/pub/telephony/sounds/releases
> # sha256 locally computed
> diff --git a/package/asterisk/asterisk.mk b/package/asterisk/asterisk.mk
> index 22ac0334fd..4f1a80ba8b 100644
> --- a/package/asterisk/asterisk.mk
> +++ b/package/asterisk/asterisk.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -ASTERISK_VERSION = 16.29.1
> +ASTERISK_VERSION = 16.30.1
> # Use the github mirror: it's an official mirror maintained by Digium, and
> # provides tarballs, which the main Asterisk git tree (behind Gerrit) does not.
> ASTERISK_SITE = $(call github,asterisk,asterisk,$(ASTERISK_VERSION))
> --
> 2.30.2
>
> _______________________________________________
> buildroot mailing list
> buildroot at buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
More information about the buildroot
mailing list