Bug#1134884: asterisk: CVE-2025-65102 CVE-2026-25994 CVE-2026-41415 CVE-2026-40614 CVE-2026-40892 CVE-2026-41416 CVE-2026-26203 CVE-2026-26967 CVE-2026-32942 CVE-2026-28799 CVE-2026-29068 CVE-2026-32945 CVE-2026-33069 CVE-2026-34235

[Jonas Smedegaard]

Hi Chris,

Quoting Chris Maj via Pkg-voip-maintainers (2026-04-28 18:06:22)
> Howdy,
> 
> Hope you are doing well Jonas and VoiP team!

Yes, thank you. Hope you are doing well too.

> ASTERISK included patches upstream for PJSIP 2.16 issues � as Rob
> mentioned � and it does not use the affected parts of PJSIP 2.17 as
> referenced by Moritz.

I am aware that Asterisk upstream embeds PJSIP and applies patches on
top of that.

I am not sure, however, whether the Debian packaging of Asterisk has
those same patches applied or not.

It seems to me that both Rob and you are assuming that Debian source is
same as Asterisk upstream source.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/
 * Sponsorship: https://ko-fi.com/drjones

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-voip-maintainers/attachments/20260428/0f8e5ca2/attachment.sig>