AST-2019-002: Remote crash vulnerability with MESSAGE messages:
A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.
AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver:
When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an
endpoint to switch it to T.38. If the endpoint responds with an improperly
formatted SDP answer including both a T.38 UDPTL stream and an audio or video
stream containing only codecs not allowed on the SIP peer or user a crash will
occur. The code incorrectly assumes that there will be at least one common
codec when T.38 is also in the SDP answer.
b1a64774ed