On 03/09/2012 02:56 PM, Josh Freeman wrote:
The most current patched Asterisk, along with the most current app_rpt,
can be found at
http://svn.ohnosec.org/svn/projects/allstar/astsrc-1.4.23-pre/trunk/
I'm really trying to avoid fanning the flames here, but if that code is
*really* based on 1.4.23, and hasn't been kept up to date with the
Asterisk 1.4 releases, then that means it contains a number of security
vulnerabilities that users should be aware of. Some of them are user
enumeration vulnerabilities, but others (like AST-2011-010,
AST-2011-005, AST-2011-001, and maybe more) are more serious.
--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kflem...@digium.com | SIP: kpflem...@digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
