AST-2019-004 Crash when negotiating for T.38 with a declined stream (res_pjsip_t38.c)
AST-2019-005 Remote Crash Vulnerability in audio transcoding (bug introduced in 16.5.0)
If somebody is removed who actually wants maintainer and either
didn't receive the mail, or didn't bother to reply to it, they are
free to send a diff to reinstate.
ok sthen@, jca@
AST-2019-002: Remote crash vulnerability with MESSAGE messages:
A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.
AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver:
When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an
endpoint to switch it to T.38. If the endpoint responds with an improperly
formatted SDP answer including both a T.38 UDPTL stream and an audio or video
stream containing only codecs not allowed on the SIP peer or user a crash will
occur. The code incorrectly assumes that there will be at least one common
codec when T.38 is also in the SDP answer.
Follow the upstream recommendations for packagers and switch to
multi-packages:
devel/gettext -> devel/gettext,-runtime
devel/gettext-tools -> devel/gettext,-tools
(new) devel/gettext,-textstyle
* AST-2019-001: Remote crash vulnerability with SDP protocol violation
When Asterisk makes an outgoing call, a very specific SDP protocol violation
by the remote party can cause Asterisk to crash.
https://issues.asterisk.org/jira/browse/ASTERISK-28260
changes aren't too extreme, but upgrading users should review upgrade notes
in /usr/local/share/doc/asterisk (UPGRADE-14.txt, UPGRADE-15.txt, UPGRADE.txt).
from semarie@, ok danj@
This is a Python port of Google's libphonenumber library (original code
in Java). Among other features it provides phone number validation,
standardized formatting, and informations like location and original
carrier.
