[Secure-testing-commits] r56425 - data/CVE

Markus Koschany Thu, 05 Oct 2017 03:02:32 -0700

Author: apo
Date: 2017-10-05 10:00:49 +0000 (Thu, 05 Oct 2017)
New Revision: 56425


Modified:
   data/CVE/list
Log:
asterisk,CVE-2017-14099,CVE-2017-14603: Ignored for Wheezy

The strictrtp option is disabled by default in Wheezy. This makes it impossible
to exploit the vulnerability. The patch is also too intrusive to backport.


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-10-05 09:56:00 UTC (rev 56424)
+++ data/CVE/list       2017-10-05 10:00:49 UTC (rev 56425)
@@ -1218,6 +1218,7 @@
        RESERVED
        {DSA-3990-1}
        - asterisk 1:13.17.2~dfsg-1 (bug #876328)
+       [wheezy] - asterisk <ignored> (strictrtp option is disabled by default. 
Too intrusive too backport)
        NOTE: http://downloads.asterisk.org/pub/security/AST-2017-008.html
        NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27274
        NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27252
@@ -2732,6 +2733,7 @@
 CVE-2017-14099 (In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 
13.x before ...)
        {DSA-3964-1}
        - asterisk 1:13.17.1~dfsg-1 (bug #873907)
+       [wheezy] - asterisk <ignored> (strictrtp option is disabled by default. 
Too intrusive too backport)
        NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27013
        NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27013
 CVE-2017-14077


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r56425 - data/CVE

Reply via email to