[asterisk-users] app_rpt
Kevin P. Fleming
kpfleming at digium.com
Fri Mar 9 15:10:50 CST 2012
On 03/09/2012 02:56 PM, Josh Freeman wrote:
> The most current patched Asterisk, along with the most current app_rpt,
> can be found at
>
> http://svn.ohnosec.org/svn/projects/allstar/astsrc-1.4.23-pre/trunk/
I'm really trying to avoid fanning the flames here, but if that code is
*really* based on 1.4.23, and hasn't been kept up to date with the
Asterisk 1.4 releases, then that means it contains a number of security
vulnerabilities that users should be aware of. Some of them are user
enumeration vulnerabilities, but others (like AST-2011-010,
AST-2011-005, AST-2011-001, and maybe more) are more serious.
--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org
More information about the asterisk-users
mailing list