[Buildroot] [git commit] package/asterisk: security bump to version 16.30.1
Peter Korsgaard
peter at korsgaard.com
Sun Sep 24 21:31:44 UTC 2023
>>>>> "Yann" == Yann E MORIN <yann.morin.1998 at free.fr> writes:
> commit:
> https://git.buildroot.net/buildroot/commit/?id=01ec478cb642dc6d221ab4c2f7f2938d629dcec1
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
> Fixes the following security vulnerabilities:
> CVE-2022-23537: Heap buffer overflow when decoding STUN message in pjproject
> Possible buffer overread when parsing a specially crafted STUN message with
> unknown attribute. The vulnerability affects Asterisk users using ICE
> and/or WebRTC.
> https://github.com/asterisk/asterisk/security/advisories/GHSA-4xjp-22g4-9fxm
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
Committed to 2023.02.x, 2023.05.x and 2023.08.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list