About the security issues affecting asterisk in Wheezy
Tzafrir Cohen
tzafrir at cohens.org.il
Sun Nov 12 09:14:08 UTC 2017
Thanks for the note,
On Sat, Nov 11, 2017 at 07:17:04PM +0100, Ola Lundqvist wrote:
> Dear maintainers,
>
> The Debian LTS team recently reviewed the security issue(s) affecting your
> package in Wheezy:
> https://security-tracker.debian.org/tracker/CVE-2017-16672
The issue is about handling of a SIP INVITE message in Asterisk code
that is related to the external pjsip library.
Pjsip was not linked at all with Asterisk in 1.8 (Wheezy) and was not
used for SIP in Asterisk 11 (Jessie).
How should I mark it so? Mark versions 1:11.13.1~dfsg-2+deb8u2 and
1:1.8.13.1~dfsg1-3+deb7u3 as fixed?
--
Tzafrir Cohen | tzafrir at jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir at cohens.org.il | | best
tzafrir at debian.org | | friend
More information about the Pkg-voip-maintainers
mailing list