CVE-2010-1224 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1224): main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.
+ 06 Apr 2010; <chainsaw@gentoo.org> -asterisk-1.6.1.17.ebuild, + -asterisk-1.6.2.5.ebuild: + Removing vulnerable ebuilds for CVE-2010-1224 / AST-2010-003 (Remote host + access control bypass) as requested by Stefan "Craig" Behte + <craig@gentoo.org> in security bug #313341. Voting no for GLSA; stable Asterisk (1.2 branch) is not affected. No upgrades will have to be forced as the secure versions have been in the tree since March 15 (1.6.2) / March 16 (1.6.1)
No, too. We never had 1.6.x stable, closing NOGLSA.