*** This bug is a security vulnerability *** Public security bug reported:
Consider removing asterisk from Ubuntu release but leave in -proposed. This would basically match what has been done in Debian 12 and 13 at the request of the Debian Security Team. See the attached Debian bug. It doesn't feel like Ubuntu Security is managing asterisk better than that. https://tracker.debian.org/pkg/asterisk If Archive Admins agree, they could keep this bug open as the block- proposed bug. Analysis ======== I don't think this _requires_ any other removals. In Debian, asterisk-espeak is not available in testing either. $ reverse-depends src:asterisk Reverse-Recommends ================== * asterisk-prompt-fr-armelle (for asterisk) $ reverse-depends -b src:asterisk Reverse-Testsuite-Triggers ========================== * asterisk-espeak (for asterisk) * asterisk-espeak (for asterisk-config) * dahdi-linux (for asterisk) * dahdi-linux (for asterisk-dahdi) ** Affects: asterisk (Ubuntu) Importance: Undecided Status: New ** Affects: asterisk (Debian) Importance: Unknown Status: Unknown ** Tags: resolute ** Bug watch added: Debian Bug tracker #1031046 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031046 ** Also affects: asterisk (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031046 Importance: Unknown Status: Unknown ** Description changed: - Consider removing asterisk from Ubuntu release but leave in -proposed. + Consider removing asterisk from Ubuntu resolute release but leave in + resolute-proposed. + + I am not proposing removals from existing Ubuntu stable releases here. This would basically match what has been done in Debian 13 at the request of the Debian Security Team. See the attached Debian bug. It doesn't feel like Ubuntu Security is managing asterisk better than that. https://tracker.debian.org/pkg/asterisk If Archive Admins agree, they could keep this bug open as the block- proposed bug. Analysis ======== I don't think this _requires_ any other removals. In Debian, asterisk-espeak is not available in testing either. $ reverse-depends src:asterisk Reverse-Recommends ================== * asterisk-prompt-fr-armelle (for asterisk) $ reverse-depends -b src:asterisk Reverse-Testsuite-Triggers ========================== * asterisk-espeak (for asterisk) * asterisk-espeak (for asterisk-config) * dahdi-linux (for asterisk) * dahdi-linux (for asterisk-dahdi) ** Summary changed: - Remove from Ubuntu release + Remove asterisk from Ubuntu release ** Description changed: Consider removing asterisk from Ubuntu resolute release but leave in resolute-proposed. I am not proposing removals from existing Ubuntu stable releases here. This would basically match what has been done in Debian 13 at the request of the Debian Security Team. See the attached Debian bug. It doesn't feel like Ubuntu Security is managing asterisk better than that. + asterisk is in universe and is unseeded. https://tracker.debian.org/pkg/asterisk If Archive Admins agree, they could keep this bug open as the block- proposed bug. Analysis ======== I don't think this _requires_ any other removals. In Debian, asterisk-espeak is not available in testing either. $ reverse-depends src:asterisk Reverse-Recommends ================== * asterisk-prompt-fr-armelle (for asterisk) $ reverse-depends -b src:asterisk Reverse-Testsuite-Triggers ========================== * asterisk-espeak (for asterisk) * asterisk-espeak (for asterisk-config) * dahdi-linux (for asterisk) * dahdi-linux (for asterisk-dahdi) ** Description changed: - Consider removing asterisk from Ubuntu resolute release but leave in - resolute-proposed. + Consider removing asterisk from Ubuntu release but leave in -proposed. - I am not proposing removals from existing Ubuntu stable releases here. - - This would basically match what has been done in Debian 13 at the + This would basically match what has been done in Debian 12 and 13 at the request of the Debian Security Team. See the attached Debian bug. It doesn't feel like Ubuntu Security is managing asterisk better than that. - asterisk is in universe and is unseeded. https://tracker.debian.org/pkg/asterisk If Archive Admins agree, they could keep this bug open as the block- proposed bug. Analysis ======== I don't think this _requires_ any other removals. In Debian, asterisk-espeak is not available in testing either. $ reverse-depends src:asterisk Reverse-Recommends ================== * asterisk-prompt-fr-armelle (for asterisk) $ reverse-depends -b src:asterisk Reverse-Testsuite-Triggers ========================== * asterisk-espeak (for asterisk) * asterisk-espeak (for asterisk-config) * dahdi-linux (for asterisk) * dahdi-linux (for asterisk-dahdi) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2133938 Title: Remove asterisk from Ubuntu release To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/asterisk/+bug/2133938/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
