Fixed in Asterisk 13.33.0: [ASTERISK-28813] - func_volume: Allow decimal numbers as parameter to improve granularity (Reported by Jean Aunis - Prescom) [ASTERISK-27946] - dial (API): Storage of dialed target uses AST_MAX_EXTENSION when it shouldn't (Reported by Joshua Elson) [ASTERISK-28782] - Add support for Content-Disposition header in multi-part INVITES (Reported by Torrey Searle)
@maintainer(s), please bump
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9bba8866c2494ca62273be220a18aee165e60aea commit 9bba8866c2494ca62273be220a18aee165e60aea Author: Jaco Kroon <jaco@uls.co.za> AuthorDate: 2020-05-03 11:30:10 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2020-05-04 17:26:08 +0000 net-misc/asterisk: version bumps Switch to media-libs/libilbc for iLBC support. Stop installing various scripts I provided a long time ago which are no longer needed (tools exist that supercedes these now). Drop samples IUSE. Remove patches that's now upstreamed. Package-Manager: Portage-2.3.89, Repoman-2.3.20 Signed-off-by: Jaco Kroon <jaco@uls.co.za> Bug: https://bugs.gentoo.org/720184 Closes: https://github.com/gentoo/gentoo/pull/15622 Signed-off-by: Joonas Niilola <juippis@gentoo.org> net-misc/asterisk/Manifest | 2 + net-misc/asterisk/asterisk-13.33.0.ebuild | 296 +++++++++++++++++++++++++++++ net-misc/asterisk/asterisk-16.10.0.ebuild | 301 ++++++++++++++++++++++++++++++ 3 files changed, 599 insertions(+)
@maintainer(s), please advise if ready for stabilisation, or call yourself.
(In reply to Sam James (sec padawan) from comment #3) > @maintainer(s), please advise if ready for stabilisation, or call yourself. I'm happy! RTP engine didn't blow up on ICE so that covers the portion I was worried about.
(In reply to Jaco Kroon from comment #4) > (In reply to Sam James (sec padawan) from comment #3) > > @maintainer(s), please advise if ready for stabilisation, or call yourself. > > I'm happy! RTP engine didn't blow up on ICE so that covers the portion I > was worried about. Great :)
Unable to check for sanity: > no match for package: =net-misc/asterisk-13.33
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a66a68bc50f569a9f199820e6a826d3ca9865df3 commit a66a68bc50f569a9f199820e6a826d3ca9865df3 Author: Jaco Kroon <jaco@uls.co.za> AuthorDate: 2020-05-13 17:49:52 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2020-05-14 22:12:13 +0000 net-misc/asterisk: cleanup Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Jaco Kroon <jaco@uls.co.za> Bug: https://bugs.gentoo.org/720184 Closes: https://github.com/gentoo/gentoo/pull/15779 Signed-off-by: Aaron Bauman <bman@gentoo.org> net-misc/asterisk/Manifest | 2 - net-misc/asterisk/asterisk-13.32.0-r1.ebuild | 323 ------------------ net-misc/asterisk/asterisk-16.9.0.ebuild | 315 ----------------- .../files/asterisk-13.32.0-binutils-2.34.patch | 18 - .../asterisk-historic-dahdiras-without-root.patch | 23 -- .../asterisk-historic-dundi-null-dereference.patch | 40 --- ...terisk-historic-invert-gmine-search-order.patch | 12 - .../asterisk/files/asterisk-historic-uclibc.patch | 23 -- net-misc/asterisk/files/initd-13.32.0 | 380 --------------------- 9 files changed, 1136 deletions(-)
So, jkroon pointed out the original comment is wrong here (clearly!) In the 16.8-cert1 release announcement, we had: "Security bugs fixed in this release: ----------------------------------- [ASTERISK-28589] - chan_sip: Depending on configuration an INVITE can alter Addr of a peer (Reported by Andrey V. T.) [ASTERISK-28580] - Bypass SYSTEM write permission in manager action allows system commands execution (Reported by Eliel Sardañons) [ASTERISK-28495] - res_pjsip_t38: 200 OK with SDP answer with declined stream causes crash (Reported by Alexei Gradinari) [ASTERISK-28447] - res_pjsip_messaging: In-dialog MESSAGE with no body causes crash (Reported by Gil Richard) [ASTERISK-28465] - Broken SDP can cause a segfault in a T.38 reINVITE (Reported by Francesco Castellano)" And these seem to all be definitely fixed already by now, in previous releases(?).
GLSA vote: no! Closing.