Bug#704114: asterisk: asterisk security advisories: AST-2013-001 / AST-2013-002 / AST-2013-003
Salvatore Bonaccorso
carnil at debian.org
Sun Apr 7 19:54:12 UTC 2013
Hi Tzafrir
On Sat, Apr 06, 2013 at 03:25:20PM +0300, Tzafrir Cohen wrote:
> Update:
>
> AST-2013-001 (CVE-2013-2685):
> Not applicable to either Stable or Testing/Unstable:
> new code not included yet even in 1.8.
>
> AST-2013-002 (CVE-2013-2686):
> Applies to Testing/Unstable but not to Stable:
> Testing/Unstable: see patch from Upstream. Stable: httpd code does not
> read HTTP POST variables.
>
> AST-2013-003 (CVE-2013-2264):
> Applies to both Testing and Unstable.
> Testing/Unstable: see patch from Upstream. Stable: Patch backported.
>
> For Unstable/Testing I include two other simple bug fixes. Both trivial
> backports from later 1.8.x revisions.
Thanks a lot for your updated information. I have updated the security
tracker according to this and the closing version in unstable.
[Btw, I think there were two typos for the CVEs in the latest
changelog for unstable, which might be worth fixing in a future upload
to unstable (only to keep the references correct, should have been
CVE-2013-2686 and CVE-2013-2264).]
Thanks for your work!
Regards,
Salvatore