[asterisk-security] AST-2008-006 - 3-way handshake in IAX2 incomplete

[Russell Bryant]

Johansson Olle E wrote:
> Does this change affect *all* IAX2 clients and libraries, not only  
> Asterisk?

Not necessarily.  This was just a flaw in the Asterisk implementation of IAX2
that this call number was never verified.

> Is it a change of the protocol which means that we have to update the  
> IAX2 draft?

No.  The fix for this issue did not involve a protocol change of any kind.

-- 
Russell Bryant
Senior Software Engineer
Open Source Team Lead
Digium, Inc.