Re: About the security issues affecting asterisk in Wheezy

To: Ola Lundqvist <ola@inguza.com>
Cc: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>, debian-lts@lists.debian.org
Subject: Re: About the security issues affecting asterisk in Wheezy
From: Tzafrir Cohen <tzafrir@cohens.org.il>
Date: Sun, 12 Nov 2017 10:14:08 +0100
Message-id: <[🔎] 20171112091404.k4szehob4xeprcng@lemon.cohens.org.il>
In-reply-to: <[🔎] 20171111181704.vijrlolt53pyoo6b@inguza.net>
References: <[🔎] 20171111181704.vijrlolt53pyoo6b@inguza.net>

Thanks for the note,

On Sat, Nov 11, 2017 at 07:17:04PM +0100, Ola Lundqvist wrote:
> Dear maintainers,
> 
> The Debian LTS team recently reviewed the security issue(s) affecting your
> package in Wheezy:
> https://security-tracker.debian.org/tracker/CVE-2017-16672

The issue is about handling of a SIP INVITE message in Asterisk code
that is related to the external pjsip library.

Pjsip was not linked at all with Asterisk in 1.8 (Wheezy) and was not
used for SIP in Asterisk 11 (Jessie).

How should I mark it so? Mark versions 1:11.13.1~dfsg-2+deb8u2 and
1:1.8.13.1~dfsg1-3+deb7u3 as fixed?

-- 
Tzafrir Cohen         | tzafrir@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzafrir@cohens.org.il |                    |  best
tzafrir@debian.org    |                    | friend

Reply to:

Follow-Ups:
- Re: About the security issues affecting asterisk in Wheezy
  - From: Ola Lundqvist <ola@inguza.com>

References:
- About the security issues affecting asterisk in Wheezy
  - From: Ola Lundqvist <ola@inguza.com>

Prev by Date: Wheezy update of roundcube?
Next by Date: Re: rtpproxy / CVE-2017-14114
Previous by thread: About the security issues affecting asterisk in Wheezy
Next by thread: Re: About the security issues affecting asterisk in Wheezy
Index(es):
- Date
- Thread