Bug#876328 Proposed diffs for asterisk CVE-2017-14603

Moritz Mühlenhoff jmm at inutil.org
Sat Sep 30 22:01:25 UTC 2017


On Sat, Sep 30, 2017 at 10:24:58PM +0200, Bernhard Schmidt wrote:
> On 23.09.2017 22:27, Bernhard Schmidt wrote:
> 
> Hi,
> 
> > please find attached the proposed debdiffs for CVE-2017-14603 for both
> > Jessie and Stretch.
> > 
> > Unfortunately I'm going on vacation tomorrow and I did not have much
> > time to test the resulting packages yet. They have been loaded onto my
> > employers PBX and I hope it won't explode.
> > 
> > For jessie two small context fixups in the patch provided upstream were
> > necessary, but they were quite straight forward. This is a seperate
> > commit in git
> > 
> > https://anonscm.debian.org/cgit/pkg-voip/asterisk.git/commit/?h=jessie&id=a0ab9219574dffe30961656127efdaf60ed23e69
> > 
> > For stretch I'd like to include a small non-security fix for one-way
> > audio with chan_sip. This has been acked by the SRM in Bug#875604
> > 
> > Both versions are ready to be uploaded in the git repository. I can
> > either take care of this next weekend or someone else does the upload.
> 
> I'm back from vacation and am ready to do the upload. Has anyone
> reviewed the diffs?
> 
> I have not received any complaints from my employer for the week it has
> been running there, so I hope it should be fine.

Thanks. The debdiffs look fine, but I was uncomfortable to ask for an upload
of untested packages. If they're running fine at your employer, please
proceed with an upload.

Cheers,
        Moritz



More information about the Pkg-voip-maintainers mailing list