Control: forcemerge 847668 -1 On Fri, Dec 09, 2016 at 11:30:27PM -0500, Dara Adib wrote:
Hello Dara, > Package: asterisk > Version: 1:11.13.1~dfsg-2+deb8u1 > Severity: important > Tags: security patch > > https://security-tracker.debian.org/tracker/TEMP-0000000-5567B0 > http://downloads.asterisk.org/pub/security/AST-2016-009.html > > I believe this is the patch: > https://gerrit.asterisk.org/4587 Thanks for the report. Salvatore from the Debian Security team has already filed a report as well (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847668), I'm merging those bugs. The Debian Security team thinks that this bug does not warrant an immediate security update. I tend to agree, since the circumstances of this to be exploitable are very special. Do you agree? We will likely still fix it in Jessie in a point release, and we will definitely fix this in time for Stretch (Asterisk 13.13.x had a few issues here, thus Stretch has not been upgraded to fixed version yet). Bernhard
signature.asc
Description: Digital signature

