Bernhard Schmidt wrote:
> The Debian Security team thinks that this bug does not warrant an
> immediate security update. I tend to agree, since the circumstances of
> this to be exploitable are very special.
>
> Do you agree? We will likely still fix it in Jessie in a point release,
> and we will definitely fix this in time for Stretch (Asterisk 13.13.x
> had a few issues here, thus Stretch has not been upgraded to fixed
> version yet).

Sounds reasonable to me, especially if it's eventually fixed in a
point release. I trust your (and Salvatore's) judgment. I don't use an
SIP proxy for authentication, though, so I don't really have a stake
in the matter. Thanks for merging the bugs.

Dara

Reply via email to