[Asterisk-Users] Notice for Gentoo Users In Regard to mpg123

[brian k. west]

> at that time, reverting to 0.59r (potential security issues) or
> resampling all mp3 moh to the actual recommended 8khz seemed to be the
> only workarounds.

Heap-based buffer overflow in readstring of httpget.c

http://www.mpg123.de/mpg123/mpg123-0.59r.tar.gz

I doubt the file straight from the src still contains the bug.  0.59s might
be ok haven't tested it yet... but I don't use http streams for moh.

bkw