[Secure-testing-commits] r46937 - data/CVE

[Nicholas Luedtke]

Author: nluedtke-guest
Date: 2016-12-09 16:15:50 +0000 (Fri, 09 Dec 2016)
New Revision: 46937

Modified:
   data/CVE/list
Log:
Update two asterisk issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-12-09 16:15:32 UTC (rev 46936)
+++ data/CVE/list	2016-12-09 16:15:50 UTC (rev 46937)
@@ -1,11 +1,12 @@
 CVE-2016-XXXX [AST-2016-008]
 	- asterisk <unfixed>
+	[jessie] - asterisk <not-affected> (Vulnerable code introduced in 13.12.0)
+	[wheezy] - asterisk <not-affected> (Vulnerable code introduced in 13.12.0)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-008.html
-	TODO: check affected versions
 CVE-2016-XXXX [AST-2016-009]
 	- asterisk <unfixed>
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-009.html
-	TODO: check affected versions
+	NOTE: Only applicable if a proxy is in use.
 CVE-2016-9923 [char: use after free issue in char backend]
 	- qemu <unfixed>
 	- qemu-kvm <removed>