[asterisk-commits] r371998 - svn:log
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Tue Sep 11 12:45:01 CDT 2012
Author: mjordan
Revision: 371998
Modified property: svn:log
Modified: svn:log at Tue Sep 11 12:45:01 2012
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Tue Sep 11 12:45:01 2012
@@ -9,7 +9,7 @@
to do so by inspecting the names of applications and functions passed in with
the Originate action and, if those applications/functions matched a predefined
set of values, rejecting the command if the user lacked the "system" class
-authorization. As reported by IBM X-Force Research, the "ExternalIVR"
+authorization. As noted by IBM X-Force Research, the "ExternalIVR"
application is not listed in the predefined set of values. The solution for
this particular vulnerability is to include the "ExternalIVR" application in the
set of defined applications/functions that require "system" class authorization.
More information about the asterisk-commits
mailing list