Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 84ff91a0 by Salvatore Bonaccorso at 2017-12-27T22:20:49+00:00 Update information for CVE-2017-17850/asterisk Maintainer confirmed question about introducing versions. Confirmed to be post 13.15.0 and post 13.18.0 partially, resulting in 1:13.17.0~dfsg-1 beeing the first version in Debian including the vulnerability. Thanks: Bernhard Schmidt and Tzafrir git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@58977 e39458fd-73e7-0310-bf30-c45bca0a0e42 - - - - - 107c22e9 by Salvatore Bonaccorso at 2017-12-27T23:13:38+00:00 CVE-2017-17850/asterisk fixed in unstable git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@58978 e39458fd-73e7-0310-bf30-c45bca0a0e42 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -248,7 +248,10 @@ CVE-2017-17858 CVE-2017-17851 RESERVED CVE-2017-17850 (An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and ...) - - asterisk <unfixed> (bug #885072) + - asterisk 1:13.18.5~dfsg-1 (bug #885072) + [stretch] - asterisk <not-affected> (Vulnerable code introduced after 13.15.0) + [jessie] - asterisk <not-affected> (Vulnerable code introduced after 13.15.0) + [wheezy] - asterisk <not-affected> (Vulnerable code introduced after 13.15.0) NOTE: http://downloads.asterisk.org/pub/security/AST-2017-014.html NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27480 CVE-2017-17849 (A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b55af15f3ef78d574aa2f8f3f4477f92fc986414...107c22e993fd2d68c6991c74aeed8ab4570f4702 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b55af15f3ef78d574aa2f8f3f4477f92fc986414...107c22e993fd2d68c6991c74aeed8ab4570f4702 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits