Re: About the security issues affecting asterisk in Wheezy
Thanks for the note,
On Sat, Nov 11, 2017 at 07:17:04PM +0100, Ola Lundqvist wrote:
> Dear maintainers,
>
> The Debian LTS team recently reviewed the security issue(s) affecting your
> package in Wheezy:
> https://security-tracker.debian.org/tracker/CVE-2017-16672
The issue is about handling of a SIP INVITE message in Asterisk code
that is related to the external pjsip library.
Pjsip was not linked at all with Asterisk in 1.8 (Wheezy) and was not
used for SIP in Asterisk 11 (Jessie).
How should I mark it so? Mark versions 1:11.13.1~dfsg-2+deb8u2 and
1:1.8.13.1~dfsg1-3+deb7u3 as fixed?
--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
tzafrir@debian.org | | friend
Reply to: