Asterisk: multiple vulnerabilities

Stefan Fritsch sf at debian.org
Sat Aug 18 13:03:06 UTC 2007


On Saturday 18 August 2007, Tzafrir Cohen wrote:
> That said, I see really no point in supporting Asterisk 1.2 on
> Lenny. Asterisk 1.4 is by now stable and the officially-blessed
> version by upstream. We should not waste too many efforts on trying
> to maintain an obsolete version in Testing. What exactly is
> stopping the Sid package of Asterisk from getting into Lenny?

Among other things, it depends on openh232 which seems to FTBFS on 
mipsel because of toolchain issues (assertion failed in ld) [1]. I 
don't expect that this is going to be resolved soon, but asking the 
mipsel porters might be a good idea.


On Saturday 18 August 2007, Faidon Liambotis wrote:
> So, as I said it will need some changes to build successfully under
> current lenny.
>
> We can work on this, even I thought I don't feel entirely
> comfortable making that kind of changes on a security update.
> That's why I proposed to push etch binaries to testing, if that's
> possible (which probably isn't).

AFAIK, this can currently only be done manually by the ftp-masters. 
And I already asked them to do it for iceweasel, etc., but it didn't 
happen.

Having an update that is buildable in lenny would have the advantage 
that we don't depend on ftp-masters. But of course I can't judge how 
difficult it would be to make it build.

> However, I think that at the moment it's more important to push an
> etch update.

That's true.

Cheers,
Stefan


[1]
http://buildd.debian.org/fetch.cgi?&pkg=openh323&ver=1.18.0.dfsg-3&arch=mipsel&stamp=1186845737&file=log



More information about the Pkg-voip-maintainers mailing list