Re: Asterisk security

To: debian-user@lists.debian.org
Subject: Re: Asterisk security
From: Don Armstrong <don@debian.org>
Date: Sat, 22 Nov 2014 17:11:42 -0800
Message-id: <[🔎] 20141123011142.GE4873@teltox.donarmstrong.com>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] m4pv1i$b6l$1@ger.gmane.org>
References: <[🔎] m4pv1i$b6l$1@ger.gmane.org>

On Sat, 22 Nov 2014, Rob van der Putten wrote:
> A lot of bugs [1] but no Debian updates. Should I be concerned?

See: 
https://security-tracker.debian.org/tracker/source-package/asterisk

> [1] For instance;
> http://downloads.asterisk.org/pub/security/AST-2014-012.html

AFAICT, this whole fleet of bugs was released two days ago, so it's not
surprising that there isn't yet a fixed version in Debian or a DSA. [I'm
not sure if these were released on the vendorsec list, so there might
not have been any pre-release patch time.]

That said, I'm certain that the maintenance team behind the Debian
asterisk packages would love additional help in preparing tested patches
which fix these issues in squeeze, wheezy, jessie, and unstable.

-- 
Don Armstrong                      http://www.donarmstrong.com

Il semble que la perfection soit atteinte non quand il n'y a plus rien
a ajouter, mais quand il n'y a plus rien a retrancher.
(Perfection is apparently not achieved when nothing more can be added,
but when nothing else can be removed.)
 -- Antoine de Saint-Exupe'ry, Terres des Hommes

Reply to:

References:
- Asterisk security
  - From: Rob van der Putten <rob@sput.nl>

Prev by Date: Re: systemd-free alternatives are not off topic.
Next by Date: Re: systemd-free alternatives are not off topic.
Previous by thread: Re: Asterisk security
Next by thread: systemctl disable does not remove /etc/rc?.d symlinks
Index(es):
- Date
- Thread