[asterisk-users] app_rpt

Tzafrir Cohen tzafrir.cohen at xorcom.com
Sat Mar 10 22:23:59 CST 2012

On Fri, Mar 09, 2012 at 03:10:50PM -0600, Kevin P. Fleming wrote:
> On 03/09/2012 02:56 PM, Josh Freeman wrote:
> >The most current patched Asterisk, along with the most current app_rpt,
> >can be found at
> >
> >http://svn.ohnosec.org/svn/projects/allstar/astsrc-1.4.23-pre/trunk/
> I'm really trying to avoid fanning the flames here, but if that code
> is *really* based on 1.4.23, and hasn't been kept up to date with
> the Asterisk 1.4 releases, then that means it contains a number of
> security vulnerabilities that users should be aware of. Some of them
> are user enumeration vulnerabilities, but others (like AST-2011-010,
> AST-2011-005, AST-2011-001, and maybe more) are more serious.


Those are the patches for the Asterisk package in Debian 5.0 (Lenny). It
is based on (though with some extra patches: part of the
bristuff patch). At least for a while I tried to check every security
fix to see if it applies to Lenny.

               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir

More information about the asterisk-users mailing list