[Asterisk-Users] Security Vulnerability in Asterisk
Alexei Chetroi
ast at lexa.uniflux-line.net
Tue Jun 29 02:03:04 MST 2004
On Mon, Jun 28, 2004 at 09:16:13PM -0400, James Golovich wrote:
> Date: Mon, 28 Jun 2004 21:16:13 -0400 (EDT)
> From: James Golovich <james at wwnet.net>
> To: asterisk-users at lists.digium.com
> Subject: Re: [Asterisk-Users] Security Vulnerability in Asterisk
>
> On Mon, 28 Jun 2004, Jim Rosenberg wrote:
>
[snip]
> > stable *is not fixed* as far as a large percentage of the user base is
> > concerned.
>
> It was fixed in CVS head and stable and at the same time 0.9.0 was
> released. The existance was noted in the ChangeLog as well that comes
> with asterisk
>
> Asterisk 0.9.0
> -- Logging fixes (fixes remote DoS)
> -- Fixes from the bug tracker
> -- ADPCM Standardization
> -- Branch to Stable CVS
Hi,
I'm currently newbie to Asterisk, but I have to admit that Changelogs
confused me between v1-0_stable and CVS HEAD. In stable there were
mentioned fixes from bug tracker and logging fixes, but in HEAD I've only
seen:
-- Numerous bug fixes
...
-- Numerous bug fixes
...
-- Countless small bug fixes from bug tracker
So I cannot tell whether it was security fixes or just bugfixes. I like
Asterisk project and its active development, But I wish to be more
informed on important changes. IMHO it would be nice, that records in
Changelog be timestamped, so it will be possible correlate changes in
HEAD and backports to stable.
Thanks
--
Alexei Chetroi
More information about the asterisk-users
mailing list