[asterisk-users] AST-2008-006 - 3-way handshake in IAX2 incomplete
Brian J. Murrell
brian at interlinx.bc.ca
Tue Apr 22 19:34:03 CDT 2008
On Tue, 2008-04-22 at 17:58 -0500, Security Officer wrote:
> Asterisk Project Security Advisory - AST-2008-006
So given that I'm new to asterisk's svn and bug tracking tool, is it
sufficient then to apply the two patches (iax_dcallno_check-1.2.rev3.txt
and iax_dcallno_check.rev9.txt) listed in
http://bugs.digium.com/view.php?id=10078 to a 1.4.11ish release to
correct this vulnerability? I really don't feel like buying into
any/all of the headaches that went into 1.4.11->1.4.20. You know, "if
it ain't broke don't fix it", and my corollary, "if it is broke, only
fix what's broke, don't try to make it better". :-)
Thanx,
b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20080422/35c77bc3/attachment.pgp
More information about the asterisk-users
mailing list