Bug#771463: CVE-2014-8418 CVE-2014-8412 CVE-2014-8414 CVE-2014-8417
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Mon Dec 8 05:36:11 UTC 2014
On Sat, Nov 29, 2014 at 10:33:31PM +0100, Moritz Muehlenhoff wrote:
> Source: asterisk
> Severity: grave
> Tags: security
>
> Please see
> http://downloads.digium.com/pub/security/AST-2014-018.html
> http://downloads.digium.com/pub/security/AST-2014-017.html
> http://downloads.digium.com/pub/security/AST-2014-014.html
> http://downloads.digium.com/pub/security/AST-2014-012.html
012 was already "fixed" (in a version uploaded to Unstable, but didn't
stay there long enough). Sadly Unstable has Asterisk 13, and thus those
need to be pushed directly to Jessie.
I created a Jessie branch in git with those fixes. Sadly I didn't have
the time to properly document them.
Feel free to upload it.
For Unstable, I guess a new upstream release is needed (due to the same
security issues. And even more: many issues in chan_pjsip).
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com
More information about the Pkg-voip-maintainers
mailing list