Debian Security Advisory 1048-1 - Several problems have been discovered in Asterisk, an Open Source Private Branch Exchange (telephone control center). Adam Pointon discovered that due to missing input sanitizing it is possible to retrieve recorded phone messages for a different extension. Emmanouel Kellinis discovered an integer signedness error that could trigger a buffer overflow and hence allow the execution of arbitrary code.
de9c86e77f81bb3e62c148241f9637f082f52aa56219c1cd1f67dfd64c7fc2c0