Asterisk: multiple vulnerabilities

Moritz Muehlenhoff jmm at inutil.org
Wed Aug 22 19:02:24 UTC 2007


Faidon Liambotis wrote:

> Moritz Muehlenhoff wrote:
> >> I'm a member of the Debian VoIP packages team and I have prepared a
> >> security update for Asterisk for stable that fixes CVE-2007-1594,
> >> CVE-2007-2294, CVE-2007-3762, CVE-2007-3763 and CVE-2007-3764.
> > 
> > Good, it's nice to see progress on asterisk.
> > 
> > There are further issues in Etch:
> > CVE-2007-2297
> Duplicate of CVE-2007-1594 but marked in the changelog anyway.
> If you look at the CVE, they both reference #9313 in Digium's BTS.

I've contacted MITRE for confirmation, so that they can fix their
database.

> I think we should update etch for now and see about lenny in ~2-weeks.
> 
> Do you want me to upload to SecurityUploadQueue or are you going to?
> What about the DSA? Can I help you write it? Moritz was explaining how
> to write a DSA in Edinburgh but I wasn't listening carefully enough :-)

Updates look fine, please upload. I'll take care of the rest.

What do you do about Sarge?

Cheers,
        Moritz


