[asterisk-users] Archive of security advisories?

Tilghman Lesher tlesher at digium.com
Thu Sep 9 15:30:31 CDT 2010


On Thursday 09 September 2010 12:46:10 Kyle Kienapfel wrote:
> On Thu, Sep 9, 2010 at 10:25 AM, Carlos Chavez 
<cursor at telecomabmex.com>wrote:
> >        Is there an archive of security advisories for Asterisk?  We
> > recently
> > upgraded a customer from 1.2 to 1.4 and now they are asking for
> > documentation of all security and bug related fixes.  I know the
> > advisories get published on this list but is there an easier way to find
> > them than trying to search the list.
>
> The archive is here:
> http://downloads.asterisk.org/pub/security/
>
> http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.35 and
> search for "ASA-"
>
> example entry:
>
> 2007-08-07 18:25 +0000 [r78375]  Jason Parker <jparker at digium.com>
>
> 	* channels/chan_skinny.c: Properly check the capabilities count to
> 	  avoid a segfault. (ASA-2007-019)
>
>
> http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ has
> change logs from 1.2
>
> Looks like 1.4 was started before Asterisk 1.2.13, hopefully they're
> not asking for a refactored changelog from asterisk 1.2.19 to 1.4.32
> ;)

Shortly after we used the "ASA" moniker, we changed to using "AST" to avoid
a conflict with another vendor's security advisories, which used the "ASA"
notation prior.  We additionally backported all existing advisories which used
the "ASA" notation to "AST", so all advisories should be found with the "AST"
notation.

You're right about the changelogs, though, so we'll look at fixing those at
the download site to ensure that it's consistent.

-- 
Tilghman Lesher
Digium, Inc. | Senior Software Developer
twitter: Corydon76 | IRC: Corydon76-dig (Freenode)
Check us out at: www.digium.com & www.asterisk.org



More information about the asterisk-users mailing list