[security at asterisk.org: [asterisk-security] AST-2017-001: Buffer overflow in CDR's set user]

Bernhard Schmidt berni at debian.org
Wed Apr 5 13:03:24 UTC 2017


Hi,

On 05.04.2017 14:19, Tzafrir Cohen wrote:
> On Wed, Apr 05, 2017 at 10:17:48AM +0300, Tzafrir Cohen wrote:
>> I don't yet have the time to open a proper bug report.
>>
>> But the patch for 13 seems trivial. Asterisk 11 (stable) and probably
>> also 1.8 (oldstable) are not affected.
> 
> Also note that asterisk 13.14.1 includes exactly this bug fix (and
> documentation fixes) on top of 13.14.0, which is the version in Stretch.
> 
> (Again, sorry for lack of further time)
> 
I'll deal with it in the next few days if noone beats me to it.

Bernhard



More information about the Pkg-voip-maintainers mailing list