Debian has issued an advisory on September 4: https://www.debian.org/security/2017/dsa-3964 Upstream advisories for this from August 31: http://downloads.asterisk.org/pub/security/AST-2017-005.html http://downloads.asterisk.org/pub/security/AST-2017-006.html The issues are fixed in 11.25.2.
Assigning to all packagers collectively, since the registered maintainer for this package, Oden, is probably still unavailable.
CC: (none) => marja11, oeAssignee: bugsquad => pkg-bugs
Debian has issued an advisory on October 3: https://www.debian.org/security/2017/dsa-3990 Upstream advisory for this from September 19: http://downloads.asterisk.org/pub/security/AST-2017-008.html The issues are fixed in 11.25.3.
Summary: asterisk new security issues CVE-2017-14099 and CVE-2017-14100 => asterisk new security issues CVE-2017-14099, CVE-2017-14100, and CVE-2017-14603
I tried to update this, but the %install step failed with: + install -D -p -m 0755 apps/app_directory_plain.so /home/iurt/rpmbuild/BUILDROOT/asterisk-11.25.3-1.mga5.x86_64/usr/lib64/asterisk/modules/ install: cannot stat 'apps/app_directory_plain.so': No such file or directory not sure why. This package is no longer supported.
Status: NEW => RESOLVEDResolution: (none) => OLD