Hi Tzafrir On Fri, Mar 29, 2013 at 06:53:31AM +0100, Salvatore Bonaccorso wrote: > Hi Tzafrir > > On Thu, Mar 28, 2013 at 09:37:30AM +0200, Tzafrir Cohen wrote: > > On Thu, Mar 28, 2013 at 06:23:32AM +0100, Salvatore Bonaccorso wrote: > > > Package: asterisk > > > Severity: grave > > > Tags: security patch upstream > > > > > > Hi, > > > > > > the following vulnerabilities were published for asterisk. > > > > > > CVE-2013-2685[0]: > > > Buffer Overflow Exploit Through SIP SDP Header > > > > > > CVE-2013-2686[1]: > > > Denial of Service in HTTP server > > > > > > CVE-2013-2264[2]: > > > Username disclosure in SIP channel driver > > > > > > For CVE-2013-2685 the tracker[3] mentions only 1.11.x. Could you > > > doublecheck that squeeze, testing and wheezy are not affected? > > > > According to the Upstream advisories, both are in effect for 1.8 . > > Didn't yet check backporting it (to our 1.8 in Testing/Unstable) and to > > 1.6.2 in Stable. > > Thank you for confirming! (note my above comment was related only to > one of the issues, CVE-2013-2685). > > Could you prepare updates to be included via unstable in wheezy?
Ping? Did you had a chance to look at it already? Thanks a lot, and Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
