[Pkg-voip-commits] [asterisk] 06/06: Include CVEs in changelog

[tzafrir at debian.org]

This is an automated email from the git hooks/post-receive script.

tzafrir pushed a commit to branch jessie
in repository asterisk.

commit 4791c59dc49b2bde436c3e6f2c3e8c8e0f94af5d
Author: Tzafrir Cohen <tzafrir at debian.org>
Date:   Tue Dec 16 13:07:12 2014 +0200

    Include CVEs in changelog
---
 debian/changelog | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index df0b7f9..43e0138 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,11 +3,14 @@ asterisk (1:11.13.1~dfsg-2) unstable; urgency=medium
   * New upstream release: fixes AST-2014-011 (CVE-2014-3566, POODLE).
   * Add a local gbp.conf for branch jessie
   * New patches for recent security issues (Closes: #771463):
-    - AST-2014-012: Mixed IP address families in ACLs may permit unwanted
-      traffic
-    - AST-2014-014: High call load may result in hung channels in ConfBridge
-    - AST-2014-017: Mark CONFBRIDGE as a sensitive function for external APIs
-    - AST-2014-018: Mark DB as a sensitive function for external APIs
+    - AST-2014-012 (CVE-2014-8412): Mixed IP address families in ACLs
+      may permit unwanted traffic
+    - AST-2014-014 (CVE-2014-8414): High call load may result in hung
+      channels in ConfBridge
+    - AST-2014-017 (CVE-2014-8417): Mark CONFBRIDGE as a sensitive
+      function for external APIs
+    - AST-2014-018 (CVE-2014-8418): Mark DB as a sensitive function for
+      external APIs
   * AST-2014-019.patch (CVE-2014-9374): Remote Crash Vulnerability in
     WebSocket Server (Closes: #773230).
   * sanity check to avoid changing the ABI hash

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/asterisk.git