On Wed, Nov 04, 2009 at 11:09:48PM +0200, Faidon Liambotis wrote:
> Security Team, hi,
>
> Two new asterisk vulnerabilities were announced today, affecting lenny
> and unstable; the first one affects also etch.
>
> http://downloads.asterisk.org/pub/security/AST-2009-008.html
> http://downloads.asterisk.org/pub/security/AST-2009-009.html
>
> No CVE numbers yet.
AST-2009-008 is CVE-2009-3727, the ID for AST-2009-008 in the advisory
is wrong/duped.
> These are tracked in Debian BTS as #554487 and #554486, respectively.
>
> My opinion is that these are relatively minor. My plan is:
> - for lenny, fixing them in an s-p-u upload (along with some other
> stacked up fixes)
> - for sid, fixing them with the next upload, whenever is that,
> - for etch, not fixing them but announce an EoL of its security support
> due to other vulnerabilities, as previously agreed with Moritz.
>
> Let me know if you disagree with any of the above.
Agreed and added to the Security Tracker.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
