Bug#1134884: asterisk: CVE-2025-65102 CVE-2026-25994 CVE-2026-41415 CVE-2026-40614 CVE-2026-40892 CVE-2026-41416 CVE-2026-26203 CVE-2026-26967 CVE-2026-32942 CVE-2026-28799 CVE-2026-29068 CVE-2026-32945 CVE-2026-33069 CVE-2026-34235

Chris Maj cmaj at sangoma.com
Tue Apr 28 17:06:22 BST 2026 

Howdy,

Hope you are doing well Jonas and VoiP team!

ASTERISK included patches upstream for PJSIP 2.16 issues — as Rob mentioned — and it does not use the affected parts of PJSIP 2.17 as referenced by Moritz.

Kind regards,

Chris Maj

________________________________
From: Pkg-voip-maintainers on behalf of Jonas Smedegaard
Sent: Monday, April 27, 2026 12:25 AM
To: pkg-voip-maintainers at lists.alioth.debian.org
Subject: Re: Bug#1134884: asterisk: CVE-2025-65102 CVE-2026-25994 CVE-2026-41415 CVE-2026-40614 CVE-2026-40892 CVE-2026-41416 CVE-2026-26203 CVE-2026-26967 CVE-2026-32942 CVE-2026-28799 CVE-2026-29068 CVE-2026-32945 CVE-2026-33069 CVE-2026-34235

Quoting Rob van der Putten via Pkg-voip-maintainers (2026-04-27 07:55:33)
> On 26/04/2026 21:39, Jonas Smedegaard wrote:
>
> > Quoting Rob van der Putten via Pkg-voip-maintainers (2026-04-26 20:19:25)
> >> On 25/04/2026 13:04, Moritz Mühlenhoff wrote:
> >>> Multiple security issues were reported against pjsip and fixed
> >>> in 2.17. Asterisk bundles 2.16 in unstable:
> >>
> >> Is it possible that these bugs don't effect Asterisk 22.9.0?
> >> There are a bunch of patches in the Asterisk source pjproject
> >> directory
> >
> > Someone needs to ensure that those patches get applied.
> >
> > Anyone volunteering for that task?
> I know very little about the Debian package build process, but I would
> expect the patches to be applied during the build of 22.9.0.
> This of course, does not apply to Asterisk 16.28.0 in Debian 11 / Bullseye.

Thanks for clarifying, Rob, and for your reflections.

Anyone else?

 - Jonas

--
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-voip-maintainers/attachments/20260428/e87e107f/attachment.htm>

More information about the Pkg-voip-maintainers mailing list