pjproject/asterisk Security Updates - Review Requested
Bernhard Schmidt
berni at debian.org
Wed Apr 4 10:10:22 BST 2018
Hi all (especially Jonas and Tzafrir),
I have prepared (but not yet submitted to the security team) security
updates for pjproject and asterisk, fixing the latest round of CVEs.
https://salsa.debian.org/pkg-voip-team/pjproject/commits/debian/stretch
https://salsa.debian.org/pkg-voip-team/asterisk/commits/stretch
Test packages for amd64 are available here
https://people.debian.org/~berni/pjast/
You can include them in your apt sources.list at your own risk with
deb [trusted=yes] https://people.debian.org/~berni/pjast/ ./
but I haven't managed to convince apt to prefer this repo, so even
though the version is higher than the one currently in stretch apt does
not offer to upgrade.
I have installed in on my TestPBX and made a call through chan_pjsip.
Seems good.
Only issue so far is the updated asterisk-modules picking up a new
dependency to libsdl-image1.2 / libsdl1.2debian. I have no idea why,
they have been built in a minimal stretch schroot and neither sdl
package has had any changes in Stretch.
Bernhard
More information about the Pkg-voip-maintainers
mailing list