[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Update information for CVE-2017-17850/asterisk
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 28 09:00:41 UTC 2017
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
84ff91a0 by Salvatore Bonaccorso at 2017-12-27T22:20:49+00:00
Update information for CVE-2017-17850/asterisk
Maintainer confirmed question about introducing versions. Confirmed to
be post 13.15.0 and post 13.18.0 partially, resulting in
1:13.17.0~dfsg-1 beeing the first version in Debian including the
vulnerability.
Thanks: Bernhard Schmidt and Tzafrir
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@58977 e39458fd-73e7-0310-bf30-c45bca0a0e42
- - - - -
107c22e9 by Salvatore Bonaccorso at 2017-12-27T23:13:38+00:00
CVE-2017-17850/asterisk fixed in unstable
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@58978 e39458fd-73e7-0310-bf30-c45bca0a0e42
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -248,7 +248,10 @@ CVE-2017-17858
CVE-2017-17851
RESERVED
CVE-2017-17850 (An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and ...)
- - asterisk <unfixed> (bug #885072)
+ - asterisk 1:13.18.5~dfsg-1 (bug #885072)
+ [stretch] - asterisk <not-affected> (Vulnerable code introduced after 13.15.0)
+ [jessie] - asterisk <not-affected> (Vulnerable code introduced after 13.15.0)
+ [wheezy] - asterisk <not-affected> (Vulnerable code introduced after 13.15.0)
NOTE: http://downloads.asterisk.org/pub/security/AST-2017-014.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27480
CVE-2017-17849 (A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b55af15f3ef78d574aa2f8f3f4477f92fc986414...107c22e993fd2d68c6991c74aeed8ab4570f4702
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b55af15f3ef78d574aa2f8f3f4477f92fc986414...107c22e993fd2d68c6991c74aeed8ab4570f4702
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20171228/c04c830a/attachment.html>
More information about the Secure-testing-commits
mailing list