Bug#847635: AST-2016-009: SIP header whitespace with proxy
Dara Adib
daradib at ocf.berkeley.edu
Sun Dec 11 22:34:57 UTC 2016
Bernhard Schmidt wrote:
> The Debian Security team thinks that this bug does not warrant an
> immediate security update. I tend to agree, since the circumstances of
> this to be exploitable are very special.
>
> Do you agree? We will likely still fix it in Jessie in a point release,
> and we will definitely fix this in time for Stretch (Asterisk 13.13.x
> had a few issues here, thus Stretch has not been upgraded to fixed
> version yet).
Sounds reasonable to me, especially if it's eventually fixed in a
point release. I trust your (and Salvatore's) judgment. I don't use an
SIP proxy for authentication, though, so I don't really have a stake
in the matter. Thanks for merging the bugs.
Dara
More information about the Pkg-voip-maintainers
mailing list