Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 808921 (ASTERISK-29381, ASTERISK-29415)

Summary: net-misc/asterisk: Multiple vulnerabilities
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: minor CC: jaco, proxy-maint
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [ebuild]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-18 18:29:32 UTC 
Security bugs fixed in this release:
-----------------------------------
[ASTERISK-29415] -
Crash in PJSIP TLS transport 
(Reported by Andrew Yager)
[ASTERISK-29381] -
chan_pjsip: Remote denial of service by an authenticated user
(Reported by Ivan Poddubny)

New Features made in this release:
Comment 1 Jaco Kroon 2021-08-18 19:37:09 UTC 
https://bugs.gentoo.org/803440

commit 93f6d97e4bd66daa168e1790f8cb3b8086854bd1
Author: Jaco Kroon <jaco@uls.co.za>
Date:   Fri Jul 23 07:10:18 2021 +0200

    net-libs/pjproject: sec bump
    
    Upstream not releasing new version, so just bring in the patch to -r2.
    
    This addresses AST-2021-009 for
    
    Closes: https://bugs.gentoo.org/803440
    Package-Manager: Portage-3.0.20, Repoman-3.0.2
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Closes: https://github.com/gentoo/gentoo/pull/21752
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>


In the meantime pjproject has released a new 2.11 but I've not had time to sit down and figure out why asterisk won't compile against it.  Link actually.

Please do confirm, but I believe this is already addressed.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-18 19:40:58 UTC 

*** This bug has been marked as a duplicate of bug 803440 ***