oss-sec mailing list archives
Update of upstream patch links for AST-2012-007 / CVE-2012-2947 advisory needed
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 30 May 2012 11:58:52 +0200
Hello Richard, this is due the links to patches, as being listed in AST-2012-007 advisory: [1] http://downloads.asterisk.org/pub/security/AST-2012-007.html They are obviously result of copy-n-paste problem from previous upstream AST-2012-006 advisory: 1) Though link name being http://downloads.asterisk.org/pub/security/AST-2012-007-1.8.11-cert.diff it points to: http://downloads.asterisk.org/pub/security/AST-2012-006-1.8.diff 2) http://downloads.asterisk.org/pub/security/AST-2012-007-1.8.diff (link name) => http://downloads.asterisk.org/pub/security/AST-2012-006-1.8.diff (link target) 3) http://downloads.asterisk.org/pub/security/AST-2012-007-10.diff (link name) => http://downloads.asterisk.org/pub/security/AST-2012-006-1.8.diff (link target) From what I can tell (from upstream ticket), the proper AST-2012-007 upstream patch for v1.8.x branch is this one: https://code.asterisk.org/code/rdiff/asterisk/branches/1.8/channels/chan_iax2.c?r1=366880&r2=367781&u&N Could you please update the links in AST-2012-007 for other branches too, so they would reflect relevant */chan_iax2.c change? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- Update of upstream patch links for AST-2012-007 / CVE-2012-2947 advisory needed Jan Lieskovsky (May 30)