[Secure-testing-commits] r39489 - in data: . CVE
Antoine Beaupré
anarcat at moszumanska.debian.org
Fri Feb 5 19:47:14 UTC 2016
Author: anarcat
Date: 2016-02-05 19:47:14 +0000 (Fri, 05 Feb 2016)
New Revision: 39489
Modified:
data/CVE/list
data/dla-needed.txt
Log:
missed that asterisk is unsupported in squeeze
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-02-05 18:39:28 UTC (rev 39488)
+++ data/CVE/list 2016-02-05 19:47:14 UTC (rev 39489)
@@ -54,24 +54,27 @@
NOTE: https://github.com/python-pillow/Pillow/commit/41fae6d9e2da741d2c5464775c7f1a609ea03798
CVE-2016-XXXX [AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data]
- asterisk <unfixed>
+ [squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://downloads.asterisk.org/pub/security/AST-2016-003.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-25603
NOTE: issue was introduced in 2006 with commit 0f5e4e47, so squeeze and previous also vulnerable
NOTE: patch for 11 / jessie: https://code.asterisk.org/code/changelog/asterisk?cs=da2573a3779425654543d6ac4c4dd6871ce16720
- NOTE: all versions vulnerable, backport required for wheezy and squeeze-LTS
+ NOTE: all versions vulnerable, backport required for wheezy
CVE-2016-XXXX [AST-2016-002: File descriptor exhaustion in chan_sip]
- asterisk <unfixed>
+ [squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://downloads.asterisk.org/pub/security/AST-2016-002.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-25397
NOTE: issue introduced in ~2008 with the SIP timer support implementation (https://issues.asterisk.org/jira/browse/ASTERISK-4257 https://issues.asterisk.org/jira/browse/ASTERISK-5187), so squeeze also vulnerable
NOTE: patch for jessie / 11: https://code.asterisk.org/code/changelog/asterisk?cs=882e85388295eac8eebd0b82e71a9af0a769b41f
- NOTE: all versions vulnerable, backport required for wheezy and squeeze-LTS
+ NOTE: all versions vulnerable, backport required for wheezy
CVE-2016-XXXX [AST-2016-001: BEAST vulnerability in HTTP server]
- asterisk <unfixed>
+ [squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://downloads.digium.com/pub/security/AST-2016-001.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24972
NOTE: patch for 11 (jessie): https://code.asterisk.org/code/changelog/asterisk?cs=f233bcd81d85626ce5bdd27b05bc95d131faf3e4
- NOTE: all versions vulnerable, backport required for wheezy and squeeze-LTS
+ NOTE: all versions vulnerable, backport required for wheezy
CVE-2016-XXXX [simpleid: passwords are stored as MD5]
- simpleid <unfixed> (bug #813611)
CVE-2016-XXXX [XSS in Horde_Core_VarRenderer_Html]
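Review bot: In all three asterisk entries (AST-2016-003, AST-2016-002, AST-2016-001) the reworded free-text line "NOTE: all versions vulnerable, backport required for wheezy" still carries per-release status that the structured lines "- asterisk <unfixed>" and "[squeeze] - asterisk <end-of-life>" already express, which is why the same wording had to be corrected three times here. Consider shortening it to "NOTE: all versions vulnerable" so the release status lives only in the structured lines and cannot drift again. The retained notes "so squeeze and previous also vulnerable" and "so squeeze also vulnerable" are fine to keep, since they record affectedness rather than support status.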
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-02-05 18:39:28 UTC (rev 39488)
+++ data/dla-needed.txt 2016-02-05 19:47:14 UTC (rev 39489)
@@ -9,9 +9,6 @@
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
-asterisk
- NOTE: patches available for jessie need to be backported to squeeze/wheezy
---
cakephp
NOTE: 20160123, No official solution is currently available.
--
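Review bot: The removed line "NOTE: patches available for jessie need to be backported to squeeze/wheezy" covers wheezy as well as squeeze, while the log message gives only the squeeze status as the reason for dropping the asterisk entry. It would help to say in the log that the wheezy backport remains tracked through the "backport required for wheezy" notes in data/CVE/list, so the removal does not read as dropping that work. The "--" separators stay balanced after the removal, with one left between the header block and cakephp.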