Bug#732355: asterisk: Two Asterisk security issues

Moritz Muehlenhoff jmm at inutil.org
Fri Dec 20 14:34:45 UTC 2013


On Fri, Dec 20, 2013 at 03:14:00PM +0200, Tzafrir Cohen wrote:
> On Tue, Dec 17, 2013 at 06:17:09PM +0100, Moritz Muehlenhoff wrote:
> > On Tue, Dec 17, 2013 at 05:55:14PM +0200, Tzafrir Cohen wrote:
> > > On Tue, Dec 17, 2013 at 07:33:53AM +0100, Moritz Muehlenhoff wrote:
> > > > Package: asterisk
> > > > Severity: grave
> > > > Tags: security
> > > > 
> > > > Hi,
> > > > please see
> > > > http://downloads.asterisk.org/pub/security/AST-2013-006.html and
> > > > http://downloads.asterisk.org/pub/security/AST-2013-007.html
> > > 
> > > Looking at them. At first glance: both of them also affect 1.6.2 from
> > > old-stable. AST-2013-007 introduces a new configuration item and we have
> > > to see what the sane default for it should be.
> > 
> > I think we should follow upstream and keep live_dangerously activated.
> > We can add a note to the advisory what setting must be tweaked.
> 
> Attached are debdiffs for oldstable and stable uploads. I couldn't find
> CVE entries.

Please adjust the distribution lines to oldstable-security and stable-security
and upload to security-master.

Have you been able to test these on a live system? 

Cheers,
        Moritz


