Source: asterisk Version: 1:16.16.1~dfsg-1 Severity: important Tags: security upstream Forwarded: https://issues.asterisk.org/jira/browse/ASTERISK-29392 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for asterisk. CVE-2021-32558[0]: | An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x | before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and | Certified Asterisk before 16.8-cert10. If the IAX2 channel driver | receives a packet that contains an unsupported media format, a crash | can occur. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-32558 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558 [1] https://issues.asterisk.org/jira/browse/ASTERISK-29392 [2] https://downloads.asterisk.org/pub/security/AST-2021-008.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
