package/asterisk: security bump to version 16.6.2

Fixes the following security vulnerabilities:

AST-2019-006: SIP request can change address of a SIP peer.
A SIP request can be sent to Asterisk that can change a SIP peer’s IP
address.  A REGISTER does not need to occur, and calls can be hijacked as a
result.  The only thing that needs to be known is the peer’s name;
authentication details such as passwords do not need to be known.  This
vulnerability is only exploitable when the “nat” option is set to the
default, or “auto_force_rport”.

https://downloads.asterisk.org/pub/security/AST-2019-006.pdf

AST-2019-007: AMI user could execute system commands.
A remote authenticated Asterisk Manager Interface (AMI) user without
“system” authorization could use a specially crafted “Originate” AMI request
to execute arbitrary system commands.

https://downloads.asterisk.org/pub/security/AST-2019-007.pdf

AST-2019-008: Re-invite with T.38 and malformed SDP causes crash.
If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0
and no c line in the SDP, a crash will occur.

https://downloads.asterisk.org/pub/security/AST-2019-008.pdf



Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>