Control: tags -1 + confirmed On Fri, 2020-08-28 at 16:56 +0200, Bernhard Schmidt wrote: > I would like to make a stable-update for asterisk. > > It fixes three minor CVEs (marked no-dsa) > > #940060 CVE-2019-15297: AST-2019-004: Crash when negotiating > for T.38 with a declined stream > #947377 CVE-2019-18610: AST-2019-007: AMI user could execute system > commands > #947381 CVE-2019-18790: AST-2019-006: SIP request can change > address of a SIP peer > > It fixes one segmentation fault due to a wrong datatype when IPv6 is > in use [...] > and one use-after-free that causes a misleading error message to > appear
Please go ahead. Regards, Adam