** Description changed: - Reviewing RC bugs from Debian shows 2 CVEs fixed in upstream bug-fix - release 1.8.13.1, and 2 additional CVEs fixed in latest Debian release. + (Tracking some collaborative work with persia) + + A review of RC bugs from Debian shows 4 CVEs fixed in the latest Debian + release. This includes 2 CVEs fixed in an upstream (bug-fix level) + release, and 2 fixed in Debian. Currently verifying that a merge is + clean and minimal, for a possible FFe. + + Applying these fixes to Precise SRU would require cherrypicking. + + Unknown if these CVEs affect earlier Ubuntu releases also.
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-3812 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to asterisk in Ubuntu. https://bugs.launchpad.net/bugs/1048093 Title: Outstanding security fixes in asterisk To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1048093/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
