[asterisk-users] AST-2008-006 - 3-way handshake in IAX2 incomplete
Tilghman Lesher
tilghman at mail.jeffandtilghman.com
Thu Apr 24 09:13:15 CDT 2008
On Wednesday 23 April 2008 18:26, Brian J. Murrell wrote:
> On Wed, 2008-04-23 at 08:52 -0500, Tilghman Lesher wrote:
> > Please understand that that's NOT the only security fix that has gone in
> > during that time. If this is the only thing that you fix, you're likely
> > to be vulnerable on several other levels. See our full list of security
> > disclosures at http://downloads.digium.com/pub/security/
>
> Hrm. Interesting. I don't recall seeing any of those others, such as
> AST-2008-005 on this list. Is there some kind of "threat level"
> threshold that's applied to what makes the list(s) and what doesn't?
Check the archives. Every single one of the advisories goes out to -users,
-dev, -announce, and -security, along with 4 outside lists (bugtraq, voipsec,
full disclosure, and one other that I can't think of at the moment). The
advisories are also posted at asterisk.org, and I think most of the people who
blog on Asterisk pick up the advisories, as well.
In short, I can't think of a reason why you should be unaware of any security
advisory regarding a past release of Asterisk.
--
Tilghman
More information about the asterisk-users
mailing list