From the 16.18.0 and 18.4.0 release notifications: - [ASTERISK-29328 <https://issues.asterisk.org/jira/browse/ASTERISK-29328>] - translate.c: possible buffer overflow when upsampling (Reported by Jean Aunis - Prescom) - [ASTERISK-29379 <https://issues.asterisk.org/jira/browse/ASTERISK-29379>] - Segfault - ast_channel_is_multistream (chan=0x0) at channel_internal_api.c:1590 (Reported by Ross Beer) Jaco, are our stable versions affected or do we only need to cleanup 16.x and 18.x?
Stable not affected (13.X doesn't support re-sampling, nor multiple voice streams per channel). PR at: https://github.com/gentoo/gentoo/pull/20958 Should link soon.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36443a6ef4990853e4b562d1d884185eb45e63a8 commit 36443a6ef4990853e4b562d1d884185eb45e63a8 Author: Jaco Kroon <jaco@uls.co.za> AuthorDate: 2021-05-23 18:32:43 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2021-05-23 18:37:24 +0000 net-misc/asterisk: Security cleanup. Bug: https://bugs.gentoo.org/791553 Package-Manager: Portage-3.0.18, Repoman-3.0.2 Signed-off-by: Jaco Kroon <jaco@uls.co.za> Closes: https://github.com/gentoo/gentoo/pull/20958 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> net-misc/asterisk/Manifest | 4 - net-misc/asterisk/asterisk-16.16.2-r1.ebuild | 364 --------------------------- net-misc/asterisk/asterisk-16.16.2.ebuild | 319 ----------------------- net-misc/asterisk/asterisk-16.17.0.ebuild | 319 ----------------------- net-misc/asterisk/asterisk-18.2.2.ebuild | 363 -------------------------- net-misc/asterisk/asterisk-18.3.0.ebuild | 362 -------------------------- 6 files changed, 1731 deletions(-)
Thanks! Affected versions are unstable so no GLSA. All done.