Bug#552756: AST-2009-007: SIP INVITE ACL bypass

Raphael Geissert geissert at debian.org
Thu Oct 29 15:14:44 UTC 2009


Hi,

2009/10/29 Faidon Liambotis <paravoid at debian.org>:
> Raphael Geissert wrote:
>> Yes, the versions in testing and unstable (at least those that were
>> there before I reported it) were both affected. May I suggest that you
>> reply to the email in the future whenever you don't think it affects a
>> version? The versions in the descriptions are usually not exclusive
>> and should be treated as 'at least' (not much we can do, as it is
>> MITRE who writes the descriptions).
> Reply to which email?

The bug report ;)

>
> And FWIW, Asterisk security advisories mention version numbers
> explicitly and do not follow the "at least" rule.
>
> However, the version that we ship in unstable is a release candidate
> (rc3) for 1.6.2 and hence is not mentioned at all in those advisories.
> That was the source of the confusion.

Ah, right, sorry, I thought the description came from the CVE (but
there's none assigned, to the best of my knowledge, yet).

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net




