Hello Moritz,
I've read your bug report at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031046
I believe it to be unacceptable to exclude Asterisk from Bookworm.
Asterisk is used by a LOT of users worldwide and, as you've noted, is
frequently the subject of security concerns.
The VoIP Team is currently working on a plan to resolve your concerns.
If we don't provide Debian users with secure packages, they will use
packages from less reputable sources and chaos will ensue.
I believe the VoIP team can deliver on the commitments you are asking
for, we are working on raising a bigger team of volunteers so we can
more effectively address CVEs.
Stay tuned.
David