Asterisk: multiple vulnerabilities
Faidon Liambotis
paravoid at debian.org
Wed Aug 22 21:27:39 UTC 2007
Moritz Muehlenhoff wrote:
> What do you do about Sarge?
I just did an evaluation of the vulnerabilities:
vulnerable difficulty
-----------------------------
ASA-2007-011 yes high
ASA-2007-012 yes low
ASA-2007-014 yes medium
ASA-2007-015 yes applies as-is
ASA-2007-016 no
CVE-2007-1306 no
CVE-2007-1561 no
CVE-2007-2488 yes low
I will try to fix these.
Unfortunately, I am unable to runtime test a 1.0 setup, even for SIP or
IAX2 channels.
Plus, I'm sure that in 1.0 there are other, unknown vulnerabilities.
Can the DSA suggest all users to upgrade to one of the more recent versions?
Regards,
Faidon
More information about the Pkg-voip-maintainers
mailing list