Hi Faidon,
* Faidon Liambotis <[EMAIL PROTECTED]> [2007-12-19 20:18]:
> Nico Golde wrote:
> > CVE-2007-6430[0]:
> > | Due to the way database-based registrations ("realtime")
> > | are processed, IP addresses are not checked when the
> > | username is correct and there is no password. An
> > | attacker may impersonate any user using host-based
> > | authentication without a secret, simply by guessing the
> > | username of that user. This is limited in scope to
> > | administrators who have set up the registration database
> > | ("realtime") for authentication and are using only
> > | host-based authentication, not passwords. However, both
> > | the SIP and IAX protocols are affected.
> This is affecting unstable and stable. oldstable is not affected.
> 
> I'll upload 1.4.16 (.1 due soon probably, since .16 has a major bug) to
> unstable probably tomorrow or the day after that.
[...] 
Sounds good, thanks for taking care of it.
Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
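
An added example, not part of this thread or of the Asterisk code: a small audit that flags realtime peer rows relying on host-based authentication without a secret, the configuration the advisory quoted above describes as affected. The table name `peers`, its column names, and treating a non-dynamic `host` as a host restriction are assumptions; the rows are constructed sample data.

```python
import sqlite3

# Constructed sample rows. Column names (name, secret, md5secret, host,
# permit, deny) are assumptions about the realtime peer table layout.
SAMPLE_PEERS = [
    ("alice", "s3cret", None, "dynamic", None, None),
    ("gateway1", None, None, "192.0.2.10",
     "192.0.2.10/255.255.255.255", "0.0.0.0/0.0.0.0"),
    ("bob", "", "", "dynamic",
     "198.51.100.0/255.255.255.0", "0.0.0.0/0.0.0.0"),
    ("carol", None, "0123abcd", "dynamic", None, None),
    ("lobby", None, None, "dynamic", None, None),
]

def classify(row):
    """Return 'password', 'host-only' or 'unauthenticated' for one peer row."""
    name, secret, md5secret, host, permit, deny = row
    if (secret or "").strip() or (md5secret or "").strip():
        return "password"
    # Assumption: an ACL (permit/deny) or a fixed host means the peer is
    # authenticated by source address only.
    has_acl = bool((permit or "").strip() or (deny or "").strip())
    fixed_host = (host or "dynamic").strip().lower() != "dynamic"
    return "host-only" if (has_acl or fixed_host) else "unauthenticated"

def audit(conn):
    """Map each peer name to its classification."""
    rows = conn.execute(
        "SELECT name, secret, md5secret, host, permit, deny "
        "FROM peers ORDER BY name")
    return {row[0]: classify(row) for row in rows}

def audit_sample():
    """Run the audit against the constructed rows in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE peers (name TEXT, secret TEXT, md5secret TEXT,"
                 " host TEXT, permit TEXT, deny TEXT)")
    conn.executemany("INSERT INTO peers VALUES (?,?,?,?,?,?)", SAMPLE_PEERS)
    return audit(conn)

if __name__ == "__main__":
    for name, kind in audit_sample().items():
        note = "  <-- in scope of CVE-2007-6430" if kind == "host-only" else ""
        print(f"{name:10s} {kind}{note}")
```

Rows reported as host-only are the ones to prioritise for the fixed package or for adding a secret.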
