Author: agx Date: 2017-06-02 10:10:26 +0000 (Fri, 02 Jun 2017) New Revision: 52229
Modified: data/CVE/list Log: lts: mark asterisk as unaffected by CVE-2017-9358 the while(1) loop is not there and chan_skinny.c:read_input checks that data was returned after both read() calls so it breaks out of the for (;;) loop in case of EOF. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-06-02 10:10:14 UTC (rev 52228) +++ data/CVE/list 2017-06-02 10:10:26 UTC (rev 52229) @@ -18,6 +18,7 @@ RESERVED CVE-2017-9358 (A memory exhaustion vulnerability exists in Asterisk Open Source 13.x ...) - asterisk <unfixed> (bug #863906) + [wheezy] - asterisk <not-affected> (Vulnerable code not present) NOTE: http://downloads.asterisk.org/pub/security/AST-2017-004.txt CVE-2017-9359 (The multi-part body parser in PJSIP, as used in Asterisk Open Source ...) - pjproject <unfixed> (bug #863902) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits