Security Team, hi, Two new asterisk vulnerabilities were announced today, affecting lenny and unstable; the first one affects also etch.
http://downloads.asterisk.org/pub/security/AST-2009-008.html http://downloads.asterisk.org/pub/security/AST-2009-009.html No CVE numbers yet. These are tracked in Debian BTS as #554487 and #554486, respectively. My opinion is that these are relatively minor. My plan is: - for lenny, fixing them in an s-p-u upload (along with some other stacked up fixes) - for sid, fixing them with the next upload, whenever is that, - for etch, not fixing them but announce an EoL of its security support due to other vulnerabilities, as previously agreed with Moritz. Let me know if you disagree with any of the above. Thanks, Faidon -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org