Package: asterisk
Severity: grave
Tags: security
http://downloads.asterisk.org/pub/security/AST-2012-010.html (no CVE yet)
http://downloads.asterisk.org/pub/security/AST-2012-011.html (CVE-2012-3812)
1.6 is not mentioned in the "Affected versions", but I haven't validated whether
because it's no longer supported/tracked upstream or because the issues
are not present. Can you double-check?
For sid/wheezy, please remember that we're in freeze and only isolated fixes
are to be made instead of updating to a new full upstream release.
Once you've uploaded, please send an unblock request by filing a bug against
the release.debian.org pseudo package.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
