<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div class="elementToProof" style="font-family: "Lucida Console", "Monaco", monospace; font-size: 12pt; color: rgb(0, 0, 0);">
Howdy,</div>
<div class="elementToProof" style="font-family: "Lucida Console", "Monaco", monospace; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Lucida Console", "Monaco", monospace; font-size: 12pt; color: rgb(0, 0, 0);">
Hope you are doing well Jonas and VoiP team!</div>
<div class="elementToProof" style="font-family: "Lucida Console", "Monaco", monospace; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Lucida Console", "Monaco", monospace; font-size: 12pt; color: rgb(0, 0, 0);">
ASTERISK included patches upstream for PJSIP 2.16 issues — as Rob mentioned — and it does not use the affected parts of PJSIP 2.17 as referenced by Moritz.</div>
<div class="elementToProof" style="font-family: "Lucida Console", "Monaco", monospace; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: "Lucida Console", "Monaco", monospace; font-size: 12pt; color: rgb(0, 0, 0);">
Kind regards,</div>
<div class="elementToProof" style="font-family: "Lucida Console", "Monaco", monospace; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: "Lucida Console", "Monaco", monospace; font-size: 12pt; color: rgb(0, 0, 0);">
Chris Maj</div>
<div class="elementToProof" style="font-family: "Lucida Console", "Monaco", monospace; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif;"><br>
</span></div>
<hr style="display: inline-block; width: 98%;">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<b>From:</b> Pkg-voip-maintainers on behalf of Jonas Smedegaard<br>
<b>Sent:</b> Monday, April 27, 2026 12:25 AM<br>
<b>To:</b> pkg-voip-maintainers@lists.alioth.debian.org<br>
<b>Subject:</b> Re: Bug#1134884: asterisk: CVE-2025-65102 CVE-2026-25994 CVE-2026-41415 CVE-2026-40614 CVE-2026-40892 CVE-2026-41416 CVE-2026-26203 CVE-2026-26967 CVE-2026-32942 CVE-2026-28799 CVE-2026-29068 CVE-2026-32945 CVE-2026-33069 CVE-2026-34235
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-size: 11pt;">Quoting Rob van der Putten via Pkg-voip-maintainers (2026-04-27 07:55:33)<br>
> On 26/04/2026 21:39, Jonas Smedegaard wrote:<br>
><br>
> > Quoting Rob van der Putten via Pkg-voip-maintainers (2026-04-26 20:19:25)<br>
> >> On 25/04/2026 13:04, Moritz Mühlenhoff wrote:<br>
> >>> Multiple security issues were reported against pjsip and fixed<br>
> >>> in 2.17. Asterisk bundles 2.16 in unstable:<br>
> >><br>
> >> Is it possible that these bugs don't effect Asterisk 22.9.0?<br>
> >> There are a bunch of patches in the Asterisk source pjproject<br>
> >> directory<br>
> ><br>
> > Someone needs to ensure that those patches get applied.<br>
> ><br>
> > Anyone volunteering for that task?<br>
> I know very little about the Debian package build process, but I would<br>
> expect the patches to be applied during the build of 22.9.0.<br>
> This of course, does not apply to Asterisk 16.28.0 in Debian 11 / Bullseye.<br>
<br>
Thanks for clarifying, Rob, and for your reflections.<br>
<br>
Anyone else?<br>
<br>
- Jonas<br>
<br>
--<br>
* Jonas Smedegaard - idealist & Internet-arkitekt<br>
* Tlf.: +45 40843136 Website: <a href="http://dr.jones.dk/" target="_blank" id="OWA4e707465-9188-40de-5498-f4390d701ade" class="OWAAutoLink" rel="noopener noreferrer" data-auth="NotApplicable">
http://dr.jones.dk/</a><br>
* Sponsorship: <a href="https://ko-fi.com/drjones" target="_blank" id="OWA0dea06e3-f550-9444-f7c9-847bd0da2e2d" class="OWAAutoLink" rel="noopener noreferrer" data-auth="NotApplicable">
https://ko-fi.com/drjones</a><br>
<br>
[x] quote me freely [ ] ask before reusing [ ] keep private</div>
</body>
</html>