** Description changed: (Tracking some collaborative work with persia) A review of RC bugs from Debian shows 4 CVEs fixed in the latest Debian release. This includes 2 CVEs fixed in an upstream (bug-fix level) - release, and 2 fixed in Debian. Currently verifying that a merge is - clean and minimal, for a possible FFe. + release, and 2 fixed in Debian. Update: this Debian release has now been + merged to quantal, see LP: #1022360 Applying these fixes to Precise SRU would require cherrypicking. - Unknown if these CVEs affect earlier Ubuntu releases also. + All CVEs affect only 1.8.x series of asterisk, so no work is needed for + releases earlier than precise.
-- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to asterisk in Ubuntu. https://bugs.launchpad.net/bugs/1048093 Title: Outstanding security fixes in asterisk To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/1048093/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs