[Bug 1048093] Re: Outstanding security fixes in asterisk
Allison Randal
allison at lohutok.net
Sun Sep 9 05:39:33 UTC 2012
** Description changed:
- Reviewing RC bugs from Debian shows 2 CVEs fixed in upstream bug-fix
- release 1.8.13.1, and 2 additional CVEs fixed in latest Debian release.
+ (Tracking some collaborative work with persia)
+
+ A review of RC bugs from Debian shows 4 CVEs fixed in the latest Debian
+ release. This includes 2 CVEs fixed in an upstream (bug-fix level)
+ release, and 2 fixed in Debian. Currently verifying that a merge is
+ clean and minimal, for a possible FFe.
+
+ Applying these fixes to Precise SRU would require cherrypicking.
+
+ Unknown if these CVEs affect earlier Ubuntu releases also.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3812
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to asterisk in Ubuntu.
https://bugs.launchpad.net/bugs/1048093
Title:
Outstanding security fixes in asterisk
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1048093/+subscriptions
More information about the Ubuntu-server-bugs
mailing list