Asterisk: multiple vulnerabilities
Moritz Muehlenhoff
jmm at inutil.org
Wed Aug 22 19:02:24 UTC 2007
Faidon Liambotis wrote:
> Moritz Muehlenhoff wrote:
> >> I'm a member of the Debian VoIP packages team and I have prepared a
> >> security update for Asterisk for stable that fixes CVE-2007-1594,
> >> CVE-2007-2294, CVE-2007-3762, CVE-2007-3763 and CVE-2007-3764.
> >
> > Good, it's nice to see progress on asterisk.
> >
> > There are further issues in Etch:
> > CVE-2007-2297
> Duplicate of CVE-2007-1594 but marked in the changelog anyway.
> If you look at the CVE, they both reference #9313 in Digium's BTS.
I've contacted MITRE for confirmation, so that they can fix their
database.
> I think we should update etch for now and see about lenny in ~2-weeks.
>
> Do you want me to upload to SecurityUploadQueue or are you going to?
> What about the DSA? Can I help you write it? Moritz was explaining how
> to write a DSA in Edinburgh but I wasn't listening carefully enough :-)
Updates look fine, please upload. I'll take care of the rest.
What do you do about Sarge?
Cheers,
Moritz