Source: asterisk Version: 1:16.15.0~dfsg-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 1:16.2.1~dfsg-1+deb10u2
Hi, The following vulnerability was published for asterisk. Rationale: Choosed RC severity orthogonally to a potential no-dsa decision, but ideally it get fixed in time for the bullseye release. CVE-2020-35652[0]: | remote crash in res_pjsip_diversion If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-35652 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35652 [1] https://issues.asterisk.org/jira/browse/ASTERISK-29191 [2] https://issues.asterisk.org/jira/browse/ASTERISK-29219 [3] https://downloads.asterisk.org/pub/security/AST-2020-003.html [4] https://downloads.asterisk.org/pub/security/AST-2020-004.html Regards, Salvatore