Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 808921 (ASTERISK-29381, ASTERISK-29415) - net-misc/asterisk: Multiple vulnerabilities
Summary: net-misc/asterisk: Multiple vulnerabilities
Status: RESOLVED DUPLICATE of bug 803440
Alias: ASTERISK-29381, ASTERISK-29415
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-08-18 18:29 UTC by Sam James
Modified: 2021-08-18 19:40 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-18 18:29:32 UTC 
Security bugs fixed in this release:
-----------------------------------
[ASTERISK-29415] -
Crash in PJSIP TLS transport 
(Reported by Andrew Yager)
[ASTERISK-29381] -
chan_pjsip: Remote denial of service by an authenticated user
(Reported by Ivan Poddubny)

New Features made in this release:
Comment 1 Jaco Kroon 2021-08-18 19:37:09 UTC 
https://bugs.gentoo.org/803440

commit 93f6d97e4bd66daa168e1790f8cb3b8086854bd1
Author: Jaco Kroon <jaco@uls.co.za>
Date:   Fri Jul 23 07:10:18 2021 +0200

    net-libs/pjproject: sec bump
    
    Upstream not releasing new version, so just bring in the patch to -r2.
    
    This addresses AST-2021-009 for
    
    Closes: https://bugs.gentoo.org/803440
    Package-Manager: Portage-3.0.20, Repoman-3.0.2
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Closes: https://github.com/gentoo/gentoo/pull/21752
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>


In the meantime pjproject has released a new 2.11 but I've not had time to sit down and figure out why asterisk won't compile against it.  Link actually.

Please do confirm, but I believe this is already addressed.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-08-18 19:40:58 UTC 

*** This bug has been marked as a duplicate of bug 803440 ***