Bug#876328 Proposed diffs for asterisk CVE-2017-14603
Bernhard Schmidt
berni at debian.org
Mon Oct 2 20:37:04 UTC 2017
On 01.10.2017 00:01, Moritz Mühlenhoff wrote:
Hi,
>>> please find attached the proposed debdiffs for CVE-2017-14603 for both
>>> Jessie and Stretch.
>>>
>>> Unfortunately I'm going on vacation tomorrow and I did not have much
>>> time to test the resulting packages yet. They have been loaded onto my
>>> employers PBX and I hope it won't explode.
>>>
>>> For jessie two small context fixups in the patch provided upstream were
>>> necessary, but they were quite straight forward. This is a seperate
>>> commit in git
>>>
>>> https://anonscm.debian.org/cgit/pkg-voip/asterisk.git/commit/?h=jessie&id=a0ab9219574dffe30961656127efdaf60ed23e69
>>>
>>> For stretch I'd like to include a small non-security fix for one-way
>>> audio with chan_sip. This has been acked by the SRM in Bug#875604
>>>
>>> Both versions are ready to be uploaded in the git repository. I can
>>> either take care of this next weekend or someone else does the upload.
>>
>> I'm back from vacation and am ready to do the upload. Has anyone
>> reviewed the diffs?
>>
>> I have not received any complaints from my employer for the week it has
>> been running there, so I hope it should be fine.
>
> Thanks. The debdiffs look fine, but I was uncomfortable to ask for an upload
> of untested packages. If they're running fine at your employer, please
> proceed with an upload.
Understood. This is the best I could test, so I've uploaded updates for
both jessie and stretch.
Bernhard
More information about the Pkg-voip-maintainers
mailing list