Log Message:
Update to Asterisk 1.8.32.3:  this is a security fix update.

The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11,
12, and 13. The available security releases are released as versions
1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2,
and 13.3.2.

The release of these versions resolves the following security vulnerability:

* AST-2015-003: TLS Certificate Common name NULL byte exploit

  When Asterisk registers to a SIP TLS device and verifies the
  server, Asterisk will accept signed certificates that match a
  common name other than the one Asterisk is expecting if the signed
  certificate has a common name containing a null byte after the
  portion of the common name that Asterisk expected. This potentially
  allows for a man in the middle attack.

For more information about the details of this vulnerability, please read
security advisory AST-2015-003, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the Change Logs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3

The security advisory is available at:

* http://downloads.asterisk.org/pub/security/AST-2015-003.pdf

Thank you for your continued support of Asterisk!