[Asterisk-Users] Security Vulnerability in Asterisk

Jim Rosenberg jr at amanue.com
Mon Jun 28 18:44:36 MST 2004

--On Monday, June 28, 2004 9:16 PM -0400 James Golovich <james at wwnet.net> 
> It was fixed in CVS head and stable and at the same time 0.9.0 was
> released.  The existance was noted in the ChangeLog as well that comes
> with asterisk

Good. But the OpenH323 patches were not back-patched for *months*.

> I'm not sure if there was an announcement posted to the lists about the
> code release, but it was definitely updated on the asterisk.org page and
> the wiki

Hmm, I see I wasn't subscribed to announce. Shame on me. Well, hopefully in 
the future new versions of stable can be announced.

I'd like to put forward as a good example what the PostgreSQL folks do. 
They post a kind of weekly progress report. It includes a digest of 
important patches, and new releases are announced all over the place. The 
"Sunday Asterisk News" posts seem to be filling that role here, and are a 
good thing, which I applaud.

A new release of stable should be something to brag about, yes?

More information about the asterisk-users mailing list