On Thu, Aug 30, 2012 at 05:51:46PM +0200, Moritz Muehlenhoff wrote:
> On Fri, Jul 06, 2012 at 08:06:56AM +0200, Moritz Muehlenhoff wrote:
> > Package: asterisk
> > Severity: grave
> > Tags: security
> >
> > http://downloads.asterisk.org/pub/security/AST-2012-010.html (no CVE yet)
> > http://downloads.asterisk.org/pub/security/AST-2012-011.html (CVE-2012-3812)
> >
> > 1.6 is not mentioned in the "Affected versions", but I haven't validated
> > whether because it's no longer supported/tracked upstream or because the
> > issues are not present. Can you double-check?
> >
> > For sid/wheezy, please remember that we're in freeze and only isolated fixes
> > are to be made instead of updating to a new full upstream release.
> >
> > Once you've uploaded, please send an unblock request by filing a bug against
> > the release.debian.org pseudo package.
>
> What's the status? This is marked pending for nearly two months now!

For some reason I had the impression we had 1.8.13.1 packaged. I would
suggest uploading 1.8.13.1, which is exactly 1.8.13.0 + the fixes for
those two issues:

http://svnview.digium.com/svn/asterisk/tags/1.8.13.1/?view=log

For the record, they were fixed in the branch in:

http://svnview.digium.com/svn/asterisk?view=revision&revision=369652
http://svnview.digium.com/svn/asterisk?view=revision&revision=369436

Note, however, that today we had the following commits:

http://svnview.digium.com/svn/asterisk?view=revision&revision=372015
http://svnview.digium.com/svn/asterisk?view=revision&revision=371998

So this is just as good a timing as any for a new package.

--
Tzafrir Cohen
icq#16849755              jabber:tzafrir.co...@xorcom.com
+972-50-7952406           mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir