[Secure-testing-commits] r39486 - data/CVE
Antoine Beaupré
anarcat at moszumanska.debian.org
Fri Feb 5 18:14:43 UTC 2016
Author: anarcat
Date: 2016-02-05 18:14:43 +0000 (Fri, 05 Feb 2016)
New Revision: 39486
Modified:
data/CVE/list
Log:
Summary: clarify vulnerable versions of asterisk
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-05 18:11:37 UTC (rev 39485)
+++ data/CVE/list 2016-02-05 18:14:43 UTC (rev 39486)
@@ -56,17 +56,20 @@
- asterisk <unfixed>
NOTE: http://downloads.asterisk.org/pub/security/AST-2016-003.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-25603
- TODO: check versions
+ NOTE: all versions down to 1.8 (wheezy) are vulnerable
+ TODO: see if squeeze (1.6) is vulnerable
CVE-2016-XXXX [AST-2016-002: File descriptor exhaustion in chan_sip]
- asterisk <unfixed>
NOTE: http://downloads.asterisk.org/pub/security/AST-2016-002.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-25397
- TODO: check versions
+ NOTE: all versions down to 1.8 (wheezy) are vulnerable
+ TODO: see if squeeze (1.6) is vulnerable
CVE-2016-XXXX [AST-2016-001: BEAST vulnerability in HTTP server]
- asterisk <unfixed>
NOTE: http://downloads.digium.com/pub/security/AST-2016-001.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24972
- TODO: check versions
+ NOTE: all versions down to 1.8 (wheezy) are vulnerable
+ TODO: see if squeeze (1.6) is vulnerable
CVE-2016-XXXX [simpleid: passwords are stored as MD5]
- simpleid <unfixed> (bug #813611)
CVE-2016-XXXX [XSS in Horde_Core_VarRenderer_Html]
More information about the Secure-testing-commits
mailing list