No subject
Thu Jul 12 09:23:04 CDT 2007
2008-04-30 16:30 +0000 [r114891] Russell Bryant <russell at digium.com>
* include/asterisk/dlinkedlists.h (added), channels/chan_iax2.c:
Merge changes from team/russell/iax2_find_callno and
iax2_find_callno_1.4 These changes address a critical performance
issue introduced in the latest release. The fix for the latest
security issue included a change that made Asterisk randomly
choose call numbers to make them more difficult to guess by
attackers.
[snip some more]
Does this mean that the security fix in 1.2.28 suffers from the same
performance issues and needs a similar fix? The use of the word
"Critical" would suggest that if it exists in 1.2.x it needs fixing.
Or perhaps 1.4 got an "enhanced" version of the security fix?
Regards,
Steve
More information about the asterisk-dev
mailing list