Bug#552756: AST-2009-007: SIP INVITE ACL bypass
paravoid at debian.org
Thu Oct 29 15:10:10 UTC 2009
Raphael Geissert wrote:
> Yes, the versions in testing and unstable (at least those that were
> there before I reported it) were both affected. May I suggest you to
> reply to the email in the future whenever you don't think it affects a
> version? the versions in the descriptions are usually not exclusive
> and should be treated as 'at least' (not much we can do, as it is
> mitre who writes the descriptions).
Reply to which email?
And FWIW, Asterisk security advisories mention version numbers
explicitelly and do not follow the "at least" rule.
However, the version that we ship in unstable is a release candidate
(rc3) for 1.6.2 and hence is not mentioned at all in those advisories.
That was the source of the confusion.
More information about the Pkg-voip-maintainers