Moritz, hi, Moritz Muehlenhoff wrote: > Package: asterisk > Severity: grave > Tags: security > > http://downloads.asterisk.org/pub/security/AST-2009-010.html Thanks! Fix just uploaded to sid; urgency high but likely to be blocked by the uw-imap transition.
Due to the severity of the vulnerability, it is my opinion that this should be fixed in lenny via the security queue. The advisory should also announce the EoL of asterisk in etch (also affected), as previously agreed. We have several fixes accumulated for an upcoming spu upload, including but not limited to several CVEs that we have agreed before to not handle them through the security queue due to their low severity. For more information, you can have a look at the changelog[1] as prepared in pkg-voip's SVN. Would you like me to include some of these security fixes to the security upload as well? Or should I just go and do an upload containing only the fix for CVE-2009-4055 and handle the rest in spu as originally intented? Thanks, Faidon 1: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/lenny/debian/changelog -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org