All three releases address https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9 "res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests" "ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server." "Impact: Unauthorized access/calls"
-------- Forwarded Message -------- Subject: [FD] asterisk release 18.23.1 Date: Fri, 17 May 2024 16:46:28 +0000 From: Asterisk Development Team via Fulldisclosure <fulldisclos...@seclists.org> Reply-To: no-re...@sangoma.com To: asterisk-...@groups.io, voip...@voipsa.org, fulldisclos...@seclists.org, asterisk+n...@discoursemail.com CC: Asterisk Development Team <asterisktea...@sangoma.com> The Asterisk Development Team would like to announce security release Asterisk 18.23.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/18.23.1 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 18.23.1 ## Change Log for Release asterisk-18.23.1 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.23.1.md) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.23.0...18.23.1) - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.23.1.tar.gz) - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) ### Summary: - Commits: 1 - Commit Authors: 1 - Issues Resolved: 0 - Security Advisories Resolved: 1 - [GHSA-qqxj-v78h-hrf9](https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9): res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests ### User Notes: ### Upgrade Notes: ### Commit Authors: - George Joseph: (1) _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/ -------- Forwarded Message -------- Subject: [FD] asterisk release 20.8.1 Date: Fri, 17 May 2024 16:50:51 +0000 From: Asterisk Development Team via Fulldisclosure <fulldisclos...@seclists.org> Reply-To: no-re...@sangoma.com To: asterisk-...@groups.io, voip...@voipsa.org, fulldisclos...@seclists.org, asterisk+n...@discoursemail.com CC: Asterisk Development Team <asterisktea...@sangoma.com> The Asterisk Development Team would like to announce security release Asterisk 20.8.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/20.8.1 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 20.8.1 ## Change Log for Release asterisk-20.8.1 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-20.8.1.md) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/20.8.0...20.8.1) - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-20.8.1.tar.gz) - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) ### Summary: - Commits: 1 - Commit Authors: 1 - Issues Resolved: 0 - Security Advisories Resolved: 1 - [GHSA-qqxj-v78h-hrf9](https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9): res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests ### User Notes: ### Upgrade Notes: ### Commit Authors: - George Joseph: (1) _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/ -------- Forwarded Message -------- Subject: [FD] asterisk release 21.3.1 Date: Fri, 17 May 2024 16:50:04 +0000 From: Asterisk Development Team via Fulldisclosure <fulldisclos...@seclists.org> Reply-To: no-re...@sangoma.com To: asterisk-...@groups.io, voip...@voipsa.org, fulldisclos...@seclists.org, asterisk+n...@discoursemail.com CC: Asterisk Development Team <asterisktea...@sangoma.com> The Asterisk Development Team would like to announce security release Asterisk 21.3.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/21.3.1 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 21.3.1 ## Change Log for Release asterisk-21.3.1 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.3.1.md) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.3.0...21.3.1) - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21.3.1.tar.gz) - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) ### Summary: - Commits: 1 - Commit Authors: 1 - Issues Resolved: 0 - Security Advisories Resolved: 1 - [GHSA-qqxj-v78h-hrf9](https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9): res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests ### User Notes: ### Upgrade Notes: ### Commit Authors: - George Joseph: (1) _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
