[Secure-testing-commits] r56425 - data/CVE
Markus Koschany
apo at moszumanska.debian.org
Thu Oct 5 10:00:50 UTC 2017
Author: apo
Date: 2017-10-05 10:00:49 +0000 (Thu, 05 Oct 2017)
New Revision: 56425
Modified:
data/CVE/list
Log:
asterisk,CVE-2017-14099,CVE-2017-14603: Ignored for Wheezy
The strictrtp option is disabled by default in Wheezy. This makes it impossible
to exploit the vulnerability. The patch is also too intrusive to backport.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-10-05 09:56:00 UTC (rev 56424)
+++ data/CVE/list 2017-10-05 10:00:49 UTC (rev 56425)
@@ -1218,6 +1218,7 @@
RESERVED
{DSA-3990-1}
- asterisk 1:13.17.2~dfsg-1 (bug #876328)
+ [wheezy] - asterisk <ignored> (strictrtp option is disabled by default. Too intrusive too backport)
NOTE: http://downloads.asterisk.org/pub/security/AST-2017-008.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27274
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27252
@@ -2732,6 +2733,7 @@
CVE-2017-14099 (In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before ...)
{DSA-3964-1}
- asterisk 1:13.17.1~dfsg-1 (bug #873907)
+ [wheezy] - asterisk <ignored> (strictrtp option is disabled by default. Too intrusive too backport)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27013
NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27013
CVE-2017-14077
More information about the Secure-testing-commits
mailing list