[Secure-testing-commits] r46997 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Dec 12 16:28:37 UTC 2016
Author: carnil
Date: 2016-12-12 16:28:37 +0000 (Mon, 12 Dec 2016)
New Revision: 46997
Modified:
data/CVE/list
Log:
Update status for AST-2016-008
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-12 16:12:24 UTC (rev 46996)
+++ data/CVE/list 2016-12-12 16:28:37 UTC (rev 46997)
@@ -27,10 +27,12 @@
NOTE: Fixed by: https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-XXXX [AST-2016-008]
- - asterisk <unfixed> (bug #847666)
- [jessie] - asterisk <not-affected> (Vulnerable code introduced in 13.12.0)
- [wheezy] - asterisk <not-affected> (Vulnerable code introduced in 13.12.0)
+ - asterisk <not-affected> (Introduced in 13.12.0 but fixed with first version to unstable based on 13.12.1)
+ NOTE: Vulnerability introduced in 13.12.0, but the first upload to unstable
+ NOTE: versioned as 1:13.12.1~dfsg-1 via opus.patch removed the offending
+ NOTE: function. Thus Debian was never vulnerable.
NOTE: http://downloads.asterisk.org/pub/security/AST-2016-008.html
+ NOTE: Cf. https://bugs.debian.org/847666
CVE-2016-XXXX [AST-2016-009]
- asterisk <unfixed> (bug #847668)
[jessie] - asterisk <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list