[Secure-testing-commits] r58977 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Dec 27 22:20:49 UTC 2017


Author: carnil
Date: 2017-12-27 22:20:49 +0000 (Wed, 27 Dec 2017)
New Revision: 58977

Modified:
   data/CVE/list
Log:
Update information for CVE-2017-17850/asterisk

Maintainer confirmed question about introducing versions. Confirmed to
be post 13.15.0 and post 13.18.0 partially, resulting in
1:13.17.0~dfsg-1 being the first version in Debian including the
vulnerability.

Thanks: Bernhard Schmidt and Tzafrir

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-27 22:17:17 UTC (rev 58976)
+++ data/CVE/list	2017-12-27 22:20:49 UTC (rev 58977)
@@ -249,6 +249,9 @@
 	RESERVED
 CVE-2017-17850 (An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and ...)
 	- asterisk <unfixed> (bug #885072)
+	[stretch] - asterisk <not-affected> (Vulnerable code introduced after 13.15.0)
+	[jessie] - asterisk <not-affected> (Vulnerable code introduced after 13.15.0)
+	[wheezy] - asterisk <not-affected> (Vulnerable code introduced after 13.15.0)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-014.html
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27480
 CVE-2017-17849 (A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 ...)
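Review bot: The three added `<not-affected>` lines for [stretch], [jessie] and [wheezy] give only "Vulnerable code introduced after 13.15.0" as the reason, but the log message also states that 1:13.17.0~dfsg-1 is the first Debian version including the vulnerability and that part of the code arrived only after 13.18.0. Neither fact is recorded in the entry itself. Consider adding a NOTE line beside the existing AST-2017-014 and ASTERISK-27480 notes, for example `NOTE: Introduced after 13.15.0 (partially after 13.18.0); first affected in Debian: 1:13.17.0~dfsg-1`, so the basis for the per-suite triage stays with the tracker data and not only in the commit log.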



