Bug#554487: New asterisk vulnerabilities
Faidon Liambotis
paravoid at debian.org
Wed Nov 4 21:09:48 UTC 2009
Security Team, hi,
Two new asterisk vulnerabilities were announced today, affecting lenny
and unstable; the first one affects also etch.
http://downloads.asterisk.org/pub/security/AST-2009-008.html
http://downloads.asterisk.org/pub/security/AST-2009-009.html
No CVE numbers yet.
These are tracked in Debian BTS as #554487 and #554486, respectively.
My opinion is that these are relatively minor. My plan is:
- for lenny, fixing them in an s-p-u upload (along with some other
stacked up fixes)
- for sid, fixing them with the next upload, whenever is that,
- for etch, not fixing them but announce an EoL of its security support
due to other vulnerabilities, as previously agreed with Moritz.
Let me know if you disagree with any of the above.
Thanks,
Faidon
More information about the Pkg-voip-maintainers
mailing list