Bug#680470: Two security issues: AST-2012-010 / AST-2012-011
Moritz Muehlenhoff
jmm at inutil.org
Thu Aug 30 15:51:46 UTC 2012
On Fri, Jul 06, 2012 at 08:06:56AM +0200, Moritz Muehlenhoff wrote:
> Package: asterisk
> Severity: grave
> Tags: security
>
> http://downloads.asterisk.org/pub/security/AST-2012-010.html (no CVE yet)
> http://downloads.asterisk.org/pub/security/AST-2012-011.html (CVE-2012-3812)
>
> 1.6 is not mentioned in the "Affected versions", but I haven't validated whether
> because it's no longer supported/tracked upstream or because the issues
> are not present. Can you double-check?
>
> For sid/wheezy, please remember that we're in freeze and only isolated fixes
> are to be made instead of updating to a new full upstream release.
>
> Once you've uploaded, please send an unblock request by filing a bug against
> the release.debian.org pseudo package.
What's the status? This is marked pending for nearly two months now!
Cheers,
Moritz
More information about the Pkg-voip-maintainers
mailing list