On Mon, Jun 28, 2004 at 09:16:13PM -0400, James Golovich wrote:
> Date: Mon, 28 Jun 2004 21:16:13 -0400 (EDT)
> From: James Golovich <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [Asterisk-Users] Security Vulnerability in Asterisk
>
> On Mon, 28 Jun 2
Jim Rosenberg wrote:
--On Monday, June 28, 2004 7:21 PM +0200 Michael Sandee
<[EMAIL PROTECTED]> wrote:
Other than that... if these problems are not being published when
fixed... then other distros do not have a chance to fix it... (think
about distros that use "stable" code, but haven't updat
On Mon, 2004-06-28 at 20:44, Jim Rosenberg wrote:
> --On Monday, June 28, 2004 9:16 PM -0400 James Golovich <[EMAIL PROTECTED]>
> wrote:
> > It was fixed in CVS head and stable and at the same time 0.9.0 was
> > released. The existence was noted in the ChangeLog as well that comes
> > with asteri
--On Monday, June 28, 2004 9:16 PM -0400 James Golovich <[EMAIL PROTECTED]>
wrote:
It was fixed in CVS head and stable and at the same time 0.9.0 was
released. The existence was noted in the ChangeLog as well that comes
with asterisk
Good. But the OpenH323 patches were not back-patched for *month
On Mon, 28 Jun 2004, Jim Rosenberg wrote:
> I have to say -- with somewhat less vehemence -- that I'm another user who
> sure never noticed that the "stable" release of Asterisk had moved from
> 0.7.2 to 0.9x. This should have been an important announcement on *SEVERAL*
> security grounds. As
--On Monday, June 28, 2004 7:21 PM +0200 Michael Sandee <[EMAIL PROTECTED]>
wrote:
Other than that... if these problems are not being published when
fixed... then other distros do not have a chance to fix it... (think
about distros that use "stable" code, but haven't updated to 0.9 because
of p
It kind of seems to be the policy of... to not
disclose anything to the public and silently update it..
I didn't want to make a fuss about it (again)... but now it's on the ML
anyway...
This type of "elitist" behaviour REALLY sucks...
I hope in the future announcements will be made on this type
This was fixed in cvs HEAD and stable on 4/13/2004 and a new source
release was made at the time (version 0.9.0)
I'm not sure why it would be brought up on a recent newsletter, it was
discussed in here (or maybe on -dev) sometime around 4/15/2004
James
On Mon, 28 Jun 2004, Jim Rosenberg wrote:
The following is pasted from SecurityFocus Newsletter #254:
-
Asterisk PBX Multiple Logging Format String Vulnerabilities
BugTraq ID: 10569
Remote: Yes
Date Published: Jun 18 2004
Relevant URL: http://www.securityfocus.com/bid/10569
Summary:
It is reported that Asterisk is