[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] asterisk DSA
Moritz Muehlenhoff
jmm at debian.org
Sat Dec 30 11:54:10 UTC 2017
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bb9b38d8 by Moritz Muehlenhoff at 2017-12-30T12:53:59+01:00
asterisk DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5882,6 +5882,7 @@ CVE-2017-17665 (In Octopus Deploy before 4.1.3, the machine update process doesn
NOT-FOR-US: Octopus Deploy
CVE-2017-17664 (A Remote Crash issue was discovered in Asterisk Open Source 13.x before ...)
- asterisk 1:13.18.5~dfsg-1 (bug #884345)
+ [stretch] - asterisk 1:13.14.1~dfsg-2+deb9u3
[jessie] - asterisk <not-affected> (Vulnerable code introduced later)
[wheezy] - asterisk <not-affected> (Vulnerable code introduced later)
NOTE: http://downloads.digium.com/pub/security/AST-2017-012.html
@@ -11480,6 +11481,7 @@ CVE-2017-16673 (Datto Backup Agent 1.0.6.0 and earlier does not authenticate inc
NOT-FOR-US: Datto Backup Agent
CVE-2017-16672 (An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 ...)
- asterisk 1:13.18.1~dfsg-1 (bug #881256)
+ [stretch] - asterisk 1:13.14.1~dfsg-2+deb9u3
[jessie] - asterisk <not-affected> (Vulnerable code not present)
[wheezy] - asterisk <not-affected> (Vulnerable code not present)
NOTE: http://downloads.digium.com/pub/security/AST-2017-011.html
@@ -11487,6 +11489,7 @@ CVE-2017-16672 (An issue was discovered in Asterisk Open Source 13 before 13.18.
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27345
CVE-2017-16671 (A Buffer Overflow issue was discovered in Asterisk Open Source 13 ...)
- asterisk 1:13.18.1~dfsg-1 (bug #881257)
+ [stretch] - asterisk 1:13.14.1~dfsg-2+deb9u3
[jessie] - asterisk <not-affected> (Vulnerable code do not exist)
[wheezy] - asterisk <not-affected> (Vulnerable code do not exist)
NOTE: http://downloads.digium.com/pub/security/AST-2017-010.html
=====================================
data/DSA/list
=====================================
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -1,3 +1,7 @@
+[30 Dec 2017] DSA-4076-1 asterisk - security update
+ {CVE-2017-17090}
+ [jessie] - asterisk 1:11.13.1~dfsg-2+deb8u5
+ [stretch] - asterisk 1:13.14.1~dfsg-2+deb9u3
[29 Dec 2017] DSA-4075-1 thunderbird - security update
{CVE-2017-7826 CVE-2017-7828 CVE-2017-7829 CVE-2017-7830 CVE-2017-7846 CVE-2017-7847 CVE-2017-7848}
[jessie] - thunderbird 1:52.5.2-2~deb8u1
=====================================
data/dsa-needed.txt
=====================================
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -14,8 +14,6 @@ If needed, specify the release by adding a slash after the name of the source pa
--
389-ds-base (fw)
--
-asterisk
---
chromium-browser/stable
--
gimp (carnil)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bb9b38d8f63118a83ecd617d36237965e1abbeb6
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bb9b38d8f63118a83ecd617d36237965e1abbeb6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20171230/75878b10/attachment-0001.html>
More information about the Secure-testing-commits
mailing list