Bug#732355: asterisk: Two Asterisk security issues

Moritz Muehlenhoff jmm at inutil.org
Tue Dec 17 17:17:09 UTC 2013


On Tue, Dec 17, 2013 at 05:55:14PM +0200, Tzafrir Cohen wrote:
> On Tue, Dec 17, 2013 at 07:33:53AM +0100, Moritz Muehlenhoff wrote:
> > Package: asterisk
> > Severity: grave
> > Tags: security
> > 
> > Hi,
> > please see
> > http://downloads.asterisk.org/pub/security/AST-2013-006.html and
> > http://downloads.asterisk.org/pub/security/AST-2013-007.html
> 
> Looking at them. At first glance: both of them also affect 1.6.2 from
> old-stable. AST-2013-007 introduces a new configuration item and we have
> to see what the sane default for it should be.

I think we should follow upstream and keep live_dangerously activated
We can add a note to the advisory what setting must be tweaked.

Cheers,
        Moritz



More information about the Pkg-voip-maintainers mailing list