package/asterisk: security bump to version 16.5.1

Fixes the following security issues:

AST-2019-004: Crash when negotiating for T.38 with a declined stream
When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint
responds with a declined media stream a crash will then occur in Asterisk.
https://downloads.asterisk.org/pub/security/AST-2019-004.pdf

AST-2019-005: Remote Crash Vulnerability in audio transcoding
When audio frames are given to the audio transcoding support in Asterisk the
number of samples are examined and as part of this a message is output to
indicate that no samples are present. A change was done to suppress this
message for a particular scenario in which the message was not relevant. This
change assumed that information about the origin of a frame will always exist
when in reality it may not.
https://downloads.asterisk.org/pub/security/AST-2019-005.pdf

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 965e26fd99)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2019-09-06 17:46:55 +02:00
parent 0fff609694
commit c2c35ab857
2 changed files with 2 additions and 2 deletions

View File

@ -1,5 +1,5 @@
# Locally computed
sha256 f950da848c387be9e3de24f1d0f4fa7b3924471c382192424dbe0997a5e3a3f7 asterisk-16.5.0.tar.gz
sha256 122ecf242e06da373488024e0c76154f2404d024d09eed20b23cae0795033380 asterisk-16.5.1.tar.gz
# sha1 from: http://downloads.asterisk.org/pub/telephony/sounds/releases
# sha256 locally computed

View File

@ -4,7 +4,7 @@
#
################################################################################
ASTERISK_VERSION = 16.5.0
ASTERISK_VERSION = 16.5.1
# Use the github mirror: it's an official mirror maintained by Digium, and
# provides tarballs, which the main Asterisk git tree (behind Gerrit) does not.
ASTERISK_SITE = $(call github,asterisk,asterisk,$(ASTERISK_VERSION))