Thanks for the note, On Sat, Nov 11, 2017 at 07:17:04PM +0100, Ola Lundqvist wrote: > Dear maintainers, > > The Debian LTS team recently reviewed the security issue(s) affecting your > package in Wheezy: > https://security-tracker.debian.org/tracker/CVE-2017-16672
The issue is about handling of a SIP INVITE message in Asterisk code that is related to the external pjsip library. Pjsip was not linked at all with Asterisk in 1.8 (Wheezy) and was not used for SIP in Asterisk 11 (Jessie). How should I mark it so? Mark versions 1:11.13.1~dfsg-2+deb8u2 and 1:1.8.13.1~dfsg1-3+deb7u3 as fixed? -- Tzafrir Cohen | tzaf...@jabber.org | VIM is http://tzafrir.org.il | | a Mutt's tzaf...@cohens.org.il | | best tzaf...@debian.org | | friend
