[asterisk-dev] AST-2011-012: Remote crash vulnerability in SIP channel driver

Jason Parker jparker at digium.com
Tue Oct 18 09:34:36 CDT 2011


On 10/18/2011 09:23 AM, Jeffrey Ollie wrote:
> On Mon, Oct 17, 2011 at 12:44 PM, Asterisk Security Team
> <security at asterisk.org> wrote:
>>
>>                                  Corrected In
>>                  Product                              Release
>>            Asterisk Open Source                 1.8.7.1, 10.0.0-rc1
> 
> Just curious as to what the state of 10.0.0-rc1 is as it hasn't shown
> up on the download site yet or been tagged in SVN.
> 

With 10 still in beta, it seemed more reasonable to wait until rc1 (it will be
Real Soon Now; there is 1 blocker left) rather than make a release specifically
for this security issue.  With that said, if people would like to see an rc1
made that includes this issue (and not wait for the aforementioned blocker), we
can certainly do that.  The patches mentioned in the advisory are also available
for people that would like to apply them.



More information about the asterisk-dev mailing list