Bug#1134884: asterisk: CVE-2025-65102 CVE-2026-25994 CVE-2026-41415 CVE-2026-40614 CVE-2026-40892 CVE-2026-41416 CVE-2026-26203 CVE-2026-26967 CVE-2026-32942 CVE-2026-28799 CVE-2026-29068 CVE-2026-32945 CVE-2026-33069 CVE-2026-34235
Rob van der Putten
rob at sput.nl
Mon Apr 27 06:55:33 BST 2026
Hi there
On 26/04/2026 21:39, Jonas Smedegaard wrote:
> Quoting Rob van der Putten via Pkg-voip-maintainers (2026-04-26 20:19:25)
>> On 25/04/2026 13:04, Moritz Mühlenhoff wrote:
>>> Multiple security issues were reported against pjsip and fixed
>>> in 2.17. Asterisk bundles 2.16 in unstable:
>>
>> Is it possible that these bugs don't effect Asterisk 22.9.0?
>> There are a bunch of patches in the Asterisk source pjproject
>> directory
>
> Someone needs to ensure that those patches get applied.
>
> Anyone volunteering for that task?
I know very little about the Debian package build process, but I would
expect the patches to be applied during the build of 22.9.0.
This of course, does not apply to Asterisk 16.28.0 in Debian 11 / Bullseye.
Regards,
Rob
More information about the Pkg-voip-maintainers
mailing list