[Asterisk-Users] NEW Asterisk Security vulnerability report ...

Tilghman Lesher tilghman at mail.jeffandtilghman.com
Wed Sep 17 19:56:03 MST 2003


On Wednesday 17 September 2003 08:15, Lubomir Christov wrote:
> Hello,
>
> There is a new asterisk vulnerability report at this address:
>
> http://www.securiteam.com/unixfocus/5HP0H1PB5S.html

They lie.  My email address is at the top of the cdr_mysql.c source
file, and yet I was never contacted.

> Both fixes was reported and fixed silently.
>
> My question is: Is it possible in the future such a security problems
> to be reported in this mailing list or some other security related
> list?

Sure, why don't you ask the security "researchers" to post the problem
to the -dev list, instead of only on their website (where we get to find
out only long after the fact)?

-Tilghman




More information about the asterisk-users mailing list