[Git][security-tracker-team/security-tracker][master] Reserve DLA-4515-1 for asterisk

Lukas Märdian (@slyon) gitlab at salsa.debian.org
Sun Mar 29 14:18:52 BST 2026 


Lukas Märdian pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a3ac8d8 by Lukas Märdian at 2026-03-29T15:18:31+02:00
Reserve DLA-4515-1 for asterisk

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Mar 2026] DLA-4515-1 asterisk - security update
+	{CVE-2026-23738 CVE-2026-23739 CVE-2026-23740 CVE-2026-23741}
+	[bullseye] - asterisk 1:16.28.0~dfsg-0+deb11u9
 [29 Mar 2026] DLA-4514-1 gst-plugins-base1.0 - security update
 	{CVE-2026-2921}
 	[bullseye] - gst-plugins-base1.0 1.18.4-2+deb11u5


=====================================
data/dla-needed.txt
=====================================
@@ -39,13 +39,6 @@ amd64-microcode
   NOTE: 20251224: See also 1109035#52 for updates from maintainer,
   NOTE: 20251224: I think the required kernel microcode driver patch are: https://lists.openwall.net/linux-kernel/2025/10/27/1012
 --
-asterisk (slyon)
-  NOTE: 20260220: Added by Front-Desk (rouca)
-  NOTE: 20260220: Investigate if possible to harden CVE-2026-23740 by tmp private unshare (systemd) (rouca)
-  NOTE: 20260306: Started initial backporting, needs more fixes & validation, https://salsa.debian.org/slyon/asterisk/-/commits/debian/bullseye (slyon)
-  NOTE: 20260312: cannot harden CVE-2026-23740 by tmp private unshare (systemd), as ast_coredumper runs as a standalone process, outside of asterisk.service's scope (slyon)
-  NOTE: 20260312: initial validation and definition of test cases, https://salsa.debian.org/lts-team/packages/asterisk/-/merge_requests/1 (slyon)
---
 bind9
   NOTE: 20260328: Added by Front-Desk (Beuc)
   NOTE: 20260328: Follow DSA-6181-1 (1 CVE), also fix the postponed CVE (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a3ac8d8477788b5742abcb77d0e0320f83f8767

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a3ac8d8477788b5742abcb77d0e0320f83f8767
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260329/9f39611d/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list