[Pkg-voip-commits] [asterisk] 06/06: Include CVEs in changelog
tzafrir at debian.org
tzafrir at debian.org
Tue Dec 16 11:08:38 UTC 2014
This is an automated email from the git hooks/post-receive script.
tzafrir pushed a commit to branch jessie
in repository asterisk.
commit 4791c59dc49b2bde436c3e6f2c3e8c8e0f94af5d
Author: Tzafrir Cohen <tzafrir at debian.org>
Date: Tue Dec 16 13:07:12 2014 +0200
Include CVEs in changelog
---
debian/changelog | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index df0b7f9..43e0138 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,11 +3,14 @@ asterisk (1:11.13.1~dfsg-2) unstable; urgency=medium
* New upstream release: fixes AST-2014-011 (CVE-2014-3566, POODLE).
* Add a local gbp.conf for branch jessie
* New patches for recent security issues (Closes: #771463):
- - AST-2014-012: Mixed IP address families in ACLs may permit unwanted
- traffic
- - AST-2014-014: High call load may result in hung channels in ConfBridge
- - AST-2014-017: Mark CONFBRIDGE as a sensitive function for external APIs
- - AST-2014-018: Mark DB as a sensitive function for external APIs
+ - AST-2014-012 (CVE-2014-8412): Mixed IP address families in ACLs
+ may permit unwanted traffic
+ - AST-2014-014 (CVE-2014-8414): High call load may result in hung
+ channels in ConfBridge
+ - AST-2014-017 (CVE-2014-8417): Mark CONFBRIDGE as a sensitive
+ function for external APIs
+ - AST-2014-018 (CVE-2014-8418): Mark DB as a sensitive function for
+ external APIs
* AST-2014-019.patch (CVE-2014-9374): Remote Crash Vulnerability in
WebSocket Server (Closes: #773230).
* sanity check to avoid changing the ABI hash
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/asterisk.git
More information about the Pkg-voip-commits
mailing list