[asterisk-security] Asterisk-addons 1.2.8 and 1.4.4 released

The Asterisk Development Team asteriskteam at digium.com
Tue Oct 16 18:49:06 CDT 2007


The Asterisk development team has released versions 1.2.8 and 1.4.4 of
Asterisk-addons.

This release contains a fix for a security vulnerability in the cdr_addon_mysql
module.  This module is vulnerable to SQL injection.  See the details on the
security issue in the published advisory:

http://downloads.digium.com/pub/asa/AST-2007-023.pdf

Only systems that use this module for logging CDR records are vulnerable to the
problem.

Thank you for your support!



More information about the asterisk-security mailing list