Author: agx
Date: 2017-06-02 10:10:26 +0000 (Fri, 02 Jun 2017)
New Revision: 52229

Modified:
   data/CVE/list
Log:
lts: mark asterisk as unaffected by CVE-2017-9358

the while(1) loop is not there and chan_skinny.c:read_input checks
that data was returned after both read() calls so it breaks out
of the for (;;) loop in case of EOF.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-06-02 10:10:14 UTC (rev 52228)
+++ data/CVE/list       2017-06-02 10:10:26 UTC (rev 52229)
@@ -18,6 +18,7 @@
        RESERVED
 CVE-2017-9358 (A memory exhaustion vulnerability exists in Asterisk Open 
Source 13.x ...)
        - asterisk <unfixed> (bug #863906)
+       [wheezy] - asterisk <not-affected> (Vulnerable code not present)
        NOTE: http://downloads.asterisk.org/pub/security/AST-2017-004.txt
 CVE-2017-9359 (The multi-part body parser in PJSIP, as used in Asterisk Open 
Source ...)
        - pjproject <unfixed> (bug #863902)
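Review bot: the added [wheezy] line records only "Vulnerable code not present" as the reason, while the analysis that justifies it (no while(1) loop, and chan_skinny.c:read_input checking that data was returned after both read() calls so it leaves the for (;;) loop on EOF) exists only in the commit log. Consider adding a NOTE: line under the CVE-2017-9358 entry, next to the existing AST-2017-004 NOTE, that summarises this, so the not-affected decision for wheezy can be rechecked from data/CVE/list alone.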


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
