[asterisk-dev] counting how many security issues were fixed since 1.4 was branched

Kristian Kielhofner kristian.kielhofner at gmail.com
Tue Mar 13 08:27:27 MST 2007


On 3/13/07, Caio Begotti <caio at ueberalles.net> wrote:
>
> Thanks, Kevin. I'm analysing the ChangeLog right now but I've found
> the "not always flagged" problem too. Does Digium or Asterisk
> developers sign those security alert documents like many Linux
> distributions does when a security fix/problem is found?
>
> I mean, in order to upgrade from 1.2 to 1.4 smoothly in my telco
> customers in Brazil I'll need to show them which, how and when
> security flaws was fixed or solved. So I did remember now about those
> security alert documents :-)
>
> Best regards,
>
> --
> caio[1982] begotti
> http://caio.ueberalles.net
>

Until Asterisk 1.6 is released, security fixes (and other fixes) will
be backported to the 1.2 branch as soon as they are released for 1.4.
Did you notice that when 1.4.1 was released, 1.2.16 was released at
the exact same time?  They both got the security fix for the SIP
issue.

You might have other reasons for upgrading to 1.4, but security fixes
should not be one of them.

Brazil eh?  Are you going to FISL?


-- 
Kristian Kielhofner


More information about the asterisk-dev mailing list