[asterisk-dev] Dialstring injection - security advisory release?
Matt Riddell
lists at venturevoip.com
Thu Feb 11 15:47:07 CST 2010
On 12/02/10 10:35 AM, Tilghman Lesher wrote:
>> If it was a feature, surely it would be suggested that the one line
>> change, defaulting to on in asterisk.conf would be preferred.
>
> But it's not a feature, nor is it a bug in the dialplan. Rather, it's a bug
> in certain people's dialplans, which should be fixed. Hence, educating
> people about the potential is the right way forward.
Oh well, few days of pretty intense work coming up to fix a bit under a
hundred Asterisk boxes :)
Maybe it makes sense for me to just write a patch I maintain out of tree.
--
Cheers,
Matt Riddell
Managing Director
_______________________________________________
http://www.venturevoip.com/news.php (Daily Asterisk News)
http://www.venturevoip.com/exchange.php (Full ITSP Solution)
http://www.venturevoip.com/st.php (SmoothTorque Predictive Dialer)