Bug#554486: New asterisk vulnerabilities
Moritz Muehlenhoff
jmm at inutil.org
Sat Nov 7 17:15:55 UTC 2009
On Wed, Nov 04, 2009 at 11:09:48PM +0200, Faidon Liambotis wrote:
> Security Team, hi,
>
> Two new asterisk vulnerabilities were announced today, affecting lenny
> and unstable; the first one also affects etch.
>
> http://downloads.asterisk.org/pub/security/AST-2009-008.html
> http://downloads.asterisk.org/pub/security/AST-2009-009.html
>
> No CVE numbers yet.

AST-2009-008 is CVE-2009-3727, the ID for AST-2009-008 in the advisory
is wrong/duped.

> These are tracked in Debian BTS as #554487 and #554486, respectively.
>
> My opinion is that these are relatively minor. My plan is:
> - for lenny, fixing them in an s-p-u upload (along with some other
> stacked up fixes)
> - for sid, fixing them with the next upload, whenever that is,
> - for etch, not fixing them but announce an EoL of its security support
> due to other vulnerabilities, as previously agreed with Moritz.
>
> Let me know if you disagree with any of the above.

Agreed and added to the Security Tracker.

Cheers,
Moritz