On Tue, 2020-09-01 at 15:14 +0200, Bernhard Schmidt wrote: > Dear Adam, > > On Fri, 2020-08-28 at 16:56 +0200, Bernhard Schmidt wrote: > > > I would like to make a stable-update for asterisk. > > > > > > It fixes three minor CVEs (marked no-dsa) > > > > > > #940060 CVE-2019-15297: AST-2019-004: Crash when negotiating > > > for T.38 with a declined stream > > > #947377 CVE-2019-18610: AST-2019-007: AMI user could execute > > > system > > > commands > > > #947381 CVE-2019-18790: AST-2019-006: SIP request can change > > > address of a SIP peer > > > > > > It fixes one segmentation fault due to a wrong datatype when IPv6 > > > is > > > in use > > [...] > > > and one use-after-free that causes a misleading error message to > > > appear > > > > Please go ahead. > > Thanks, upload has been ACCEPTED and built on all architectures.
I think there may be some confusion. The new upload hasn't been built on any architecture yet, as it's still in the stable-new queue awaiting final review and acceptance: asterisk | 1:16.2.1~dfsg-1+deb10u2 | stable-new | source Regards, Adam