Need help with asterisk?

Tzafrir Cohen tzafrir at cohens.org.il
Tue Oct 11 11:31:58 UTC 2016


Not completely sure about other issues I need to check, but:

On Tue, Oct 11, 2016 at 01:11:21PM +0200, Bernhard Schmidt wrote:
> On Tue, Oct 11, 2016 at 01:46:13PM +0300, Tzafrir Cohen wrote:
> 
> Hi Tzafrir,
> 
> > On Tue, Oct 11, 2016 at 10:35:38AM +0200, Bernhard Schmidt wrote:
> > > On Sat, Oct 08, 2016 at 09:21:47PM +0200, Bernhard Schmidt wrote:
> > > 
> > > > > Best would be if you can try look into squashing security-related bugs 
> > > > > in stable and oldstable.  Or I could prepare that and you can take 
> > > > > the dialogue with the release team to get permission for releasing it.
> > > > 
> > > > I'll have a look at the one open security issue in stable, maybe I can
> > > > wrap something up that fixes AST-2016-007. Never dealt with the security
> > > > team either.
> > > 
> > > I'm in contact with the security team and we should have a DSA pretty
> > > soon. The only question now is how to deal with the git repo. The jessie
> > > branch
> > > (https://anonscm.debian.org/cgit/pkg-voip/asterisk.git/log/?h=jessie)
> > > has unreleased changes that won't be eligible for security.
> > 
> > The fixes there:


> > 9f8ffea Add a placeholder conf in manager.c (#776080)
> > 
> >   Not security, but a trivial and important bug-fix. I recommend to
> >   include it.
> 
> I don't think we can get that into a security release (touching /etc
> nevertheless). When the DSA is out I'll have a look at a fix for the
> next point release.

I'm well aware of the impact of changing /etc. Thus it creates a new
file under /etc. This fixes a thorny issue in the default configuration
that is all too easy to miss (until you edit manager.conf and see that
changes are not applied, and you see that odd error).

It's a low impact one, as it adds no configuration of its own. So while
not a security fix, it is, IMHO, a good candidate for a low-risk bug fix
that may piggy-back a new security release.

What exactly do you plan to include in the DSA?

-- 
Tzafrir Cohen         | tzafrir at jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzafrir at cohens.org.il |                    |  best
tzafrir at debian.org    |                    | friend


