Bug#1018073: asterisk: CVE-2019-15297 AST-2021-006 crash when receiving m=image 0 udptl t38 re-invite fixed in 16.16.2

Salvatore Bonaccorso carnil at debian.org
Thu Aug 25 20:12:01 BST 2022


Hi

I'm not sure it makes sense that the CVE-2019-15297 was used both for
AST-2019-004 and AST-2021-006. I asked MITRE CNA to see if there is a
reason not to assign a new CVE for AST-2021-006.

I suspect many have otherwise missed the update through AST-2021-006
because they had already tracked the CVE-2019-15297 / AST-2019-004 and
updated packages accordingly (which happened in Debian with the
1:16.10.0~dfsg-1 and 1:16.2.1~dfsg-1+deb10u2 updates).

Regards,
Salvatore


