The following security vulnerabilities were resolved in these versions: AST-2020-001: Remote crash in res_pjsip_session Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. AST-2020-002: Outbound INVITE loop on challenge with different nonce. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. For a full list of changes in the current releases, please see the ChangeLogs:
I really can't find an asterisk package in our repo.
CC: (none) => ouaurelienEver confirmed: 1 => 0Status: NEW => UNCONFIRMED
Indeed we haven't packaged it in years. CC'ing a packager who's looking to possibly bring it back. Also noting that it apparently has a mailing list: http://lists.digium.com/mailman/listinfo/asterisk-announce
Status: UNCONFIRMED => RESOLVEDCC: (none) => alienResolution: (none) => INVALID
Pull from Rosa then.
No.