On Fri, Jul 06, 2012 at 08:06:56AM +0200, Moritz Muehlenhoff wrote:
> Package: asterisk
> Severity: grave
> Tags: security
>
> http://downloads.asterisk.org/pub/security/AST-2012-010.html (no CVE yet)
> http://downloads.asterisk.org/pub/security/AST-2012-011.html (CVE-2012-3812)
>
> 1.6 is not mentioned in the "Affected versions", but I haven't validated
> whether
> because it's no longer supported/tracked upstream or because the issues
> are not present. Can you double-check?
>
> For sid/wheezy, please remember that we're in freeze and only isolated fixes
> are to be made instead of updating to a new full upstream release.
>
> Once you've uploaded, please send an unblock request by filing a bug against
> the release.debian.org pseudo package.
What's the status? This is marked pending for nearly two months now!
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
