Bug#559103: CVE-2009-4055: RTP Remote Crash Vulnerability
paravoid at debian.org
Sun Dec 6 18:48:33 UTC 2009
Moritz Muehlenhoff wrote:
> Package: asterisk
> Severity: grave
> Tags: security
Thanks! Fix just uploaded to sid; urgency high but likely to be blocked
by the uw-imap transition.
Due to the severity of the vulnerability, it is my opinion that this
should be fixed in lenny via the security queue. The advisory should
also announce the EoL of asterisk in etch (also affected), as previously
We have several fixes accumulated for an upcoming spu upload, including
but not limited to several CVEs that we have agreed before to not handle
them through the security queue due to their low severity.
For more information, you can have a look at the changelog as
prepared in pkg-voip's SVN.
Would you like me to include some of these security fixes to the
security upload as well? Or should I just go and do an upload containing
only the fix for CVE-2009-4055 and handle the rest in spu as originally
More information about the Pkg-voip-maintainers