On Fri, Nov 10, 2006 at 04:07:14AM +0000, Brandon Kruse wrote: > hello, this has been fixed in the latest branch of asterisk (1.2.13) > and in 1.4
Yes, I know this is fixed in sid. What I want to know is why this buffer overflow is still present in sarge. The fix seems rather straightforward, and patches have been proposed in #394025. > for a temporary fix, ( if its the bug im thinking your talking about ) > just edit /etc/asterisk/modules.conf and noload=>chan_skinny.so I'm not using chan_skinny, so I'm not actually worried about being bitten by this particular bug. However, from what I understand, this is a theoretically exploitable security bug which has been allowed to sit for three weeks, without any update nor announcement for sarge users. *That* is why I'm worried. -- Frédéric Brière <*> [EMAIL PROTECTED] => <[EMAIL PROTECTED]> IS NO MORE: <http://www.abacomsucks.com> <=