September 2024 - Epel-packagers-sig

[Bug 2310293] New: CVE-2024-42491 asterisk: A malformed Contact or Record-Route URI in an incoming SIP request can cause crash [fedora-39]
by bugzilla＠redhat.com 30 Apr '26

30 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2310293 Bug ID: 2310293 Summary: CVE-2024-42491 asterisk: A malformed Contact or Record-Route URI in an incoming SIP request can cause crash [fedora-39] Product: Fedora Version: 39 Status: NEW Whiteboard: {"flaws": ["b43ba178-910d-4466-8ab5-39e9c901317b"]} Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: jsmith.fedora(a)gmail.com Reporter: rgatica(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com Blocks: 2310279 (CVE-2024-42491) Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2310279 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2310279 [Bug 2310279] CVE-2024-42491 asterisk: A malformed Contact or Record-Route URI in an incoming SIP request can cause crash -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2310293 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 13

[Bug 2310292] New: CVE-2024-42491 asterisk: A malformed Contact or Record-Route URI in an incoming SIP request can cause crash [epel-8]
by bugzilla＠redhat.com 30 Apr '26

30 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2310292 Bug ID: 2310292 Summary: CVE-2024-42491 asterisk: A malformed Contact or Record-Route URI in an incoming SIP request can cause crash [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Whiteboard: {"flaws": ["b43ba178-910d-4466-8ab5-39e9c901317b"]} Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: epel-packagers-sig(a)lists.fedoraproject.org Reporter: rgatica(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com Blocks: 2310279 (CVE-2024-42491) Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2310279 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2310279 [Bug 2310279] CVE-2024-42491 asterisk: A malformed Contact or Record-Route URI in an incoming SIP request can cause crash -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2310292 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 8

[Bug 2303919] New: CVE-2024-42365 asterisk: Write=originate, is sufficient permissions for code execution / System() dialplan [fedora-all]
by bugzilla＠redhat.com 30 Apr '26

30 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2303919 Bug ID: 2303919 Summary: CVE-2024-42365 asterisk: Write=originate, is sufficient permissions for code execution / System() dialplan [fedora-all] Product: Fedora Version: 40 Status: NEW Whiteboard: {"flaws": ["2962b812-edb6-4ab1-b6f2-23cedc7f313d"]} Component: asterisk Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: jsmith.fedora(a)gmail.com Reporter: pdelbell(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com Blocks: 2303740 Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2303740 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2303919 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 13

[Bug 2303918] New: CVE-2024-42365 asterisk: Write=originate, is sufficient permissions for code execution / System() dialplan [epel-all]
by bugzilla＠redhat.com 30 Apr '26

30 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2303918 Bug ID: 2303918 Summary: CVE-2024-42365 asterisk: Write=originate, is sufficient permissions for code execution / System() dialplan [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Whiteboard: {"flaws": ["2962b812-edb6-4ab1-b6f2-23cedc7f313d"]} Component: asterisk Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: epel-packagers-sig(a)lists.fedoraproject.org Reporter: pdelbell(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com Blocks: 2303740 Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2303740 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2303918 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 8

[Bug 2281497] New: CVE-2024-35190 asterisk: wrongly matches ALL unauthorized SIP requests [fedora-all]
by bugzilla＠redhat.com 30 Apr '26

30 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2281497 Bug ID: 2281497 Summary: CVE-2024-35190 asterisk: wrongly matches ALL unauthorized SIP requests [fedora-all] Product: Fedora Version: 40 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: jsmith.fedora(a)gmail.com Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2281495 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2281497 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 17

[Bug 2281496] New: CVE-2024-35190 asterisk: wrongly matches ALL unauthorized SIP requests [epel-all]
by bugzilla＠redhat.com 30 Apr '26

30 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2281496 Bug ID: 2281496 Summary: CVE-2024-35190 asterisk: wrongly matches ALL unauthorized SIP requests [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: epel-packagers-sig(a)lists.fedoraproject.org Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2281495 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2281496 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 12

[Bug 2255322] New: asterisk: PJSIP logging allows attacker to inject fake Asterisk log entries [epel-all]
by bugzilla＠redhat.com 30 Apr '26

30 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2255322 Bug ID: 2255322 Summary: asterisk: PJSIP logging allows attacker to inject fake Asterisk log entries [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: epel-packagers-sig(a)lists.fedoraproject.org Reporter: trathi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2255321 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2255322 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 13

[Bug 2254635] New: TRIAGE CVE-2023-49786 asterisk: race condition in the hello handshake phase of the DTLS protocol triggers denial of service [fedora-all]
by bugzilla＠redhat.com 30 Apr '26

30 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2254635 Bug ID: 2254635 Summary: TRIAGE CVE-2023-49786 asterisk: race condition in the hello handshake phase of the DTLS protocol triggers denial of service [fedora-all] Product: Fedora Version: 38 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: jsmith.fedora(a)gmail.com Reporter: rgatica(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2254633 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2254635 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 14

[Bug 2254634] New: TRIAGE CVE-2023-49786 asterisk: race condition in the hello handshake phase of the DTLS protocol triggers denial of service [epel-all]
by bugzilla＠redhat.com 30 Apr '26

30 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2254634 Bug ID: 2254634 Summary: TRIAGE CVE-2023-49786 asterisk: race condition in the hello handshake phase of the DTLS protocol triggers denial of service [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: epel-packagers-sig(a)lists.fedoraproject.org Reporter: rgatica(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2254633 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2254634 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 10

[Bug 2254632] New: TRIAGE CVE-2023-49294 asterisk: access to arbitrary files via directory traversal [fedora-all]
by bugzilla＠redhat.com 30 Apr '26

30 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2254632 Bug ID: 2254632 Summary: TRIAGE CVE-2023-49294 asterisk: access to arbitrary files via directory traversal [fedora-all] Product: Fedora Version: 38 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: jsmith.fedora(a)gmail.com Reporter: rgatica(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2254630 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2254632 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 14

2026

2025

2024

2023

2022

2021

Epel-packagers-sig September 2024