[Asterisk-Users] Asterisk Security vulnerability report
Fearghas McKay
fm-lists at st-kilda.org
Wed Sep 10 12:13:47 MST 2003
At 13:16 -0500 10/9/03, Tilghman Lesher wrote:
>Read the security vulnerability. It referenced CVS as of a certain
>date. If you aren't keeping up with CVS changes, why are you running
>CVS at all?
The security advisory merely says update using CVS to a date later than Aug 15.
It does not indicate when the hole appeared. So until the development team
or someone else informs of us when the hole appeared we have to assume it
was in the last release version.
Are you telling us that the 0.4.0 release in April is safe?
I note the there is now 0.5.0 release dated today in the ftp server which
is welcome news.
Thanks Mark!
f
More information about the asterisk-users
mailing list