[asterisk-users] app_rpt

Steve Totaro stotaro at asteriskhelpdesk.com
Sat Mar 10 23:02:47 CST 2012


On Sat, Mar 10, 2012 at 11:23 PM, Tzafrir Cohen <tzafrir.cohen at xorcom.com>wrote:

> On Fri, Mar 09, 2012 at 03:10:50PM -0600, Kevin P. Fleming wrote:
> > On 03/09/2012 02:56 PM, Josh Freeman wrote:
> > >The most current patched Asterisk, along with the most current app_rpt,
> > >can be found at
> > >
> > >http://svn.ohnosec.org/svn/projects/allstar/astsrc-1.4.23-pre/trunk/
> >
> > I'm really trying to avoid fanning the flames here, but if that code
> > is *really* based on 1.4.23, and hasn't been kept up to date with
> > the Asterisk 1.4 releases, then that means it contains a number of
> > security vulnerabilities that users should be aware of. Some of them
> > are user enumeration vulnerabilities, but others (like AST-2011-010,
> > AST-2011-005, AST-2011-001, and maybe more) are more serious.
>
> http://patch-tracker.debian.org/package/asterisk/1:1.4.21.2~dfsg-3+lenny5
> Or:
>
> http://anonscm.debian.org/viewvc/pkg-voip/asterisk/branches/lenny-security/debian/patches/
>
> Those are the patches for the Asterisk package in Debian 5.0 (Lenny). It
> is based on 1.4.21.2 (though with some extra patches: part of the
> bristuff patch). At least for a while I tried to check every security
> fix to see if it applies to Lenny.
>
> --
>               Tzafrir Cohen
> icq#16849755              jabber:tzafrir.cohen at xorcom.com
> +972-50-7952406           mailto:tzafrir.cohen at xorcom.com
> http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir
>
>
I don't use Debian, but since this is a fork, the patches may break app_rpt
again like DAHDI did.

I may fire up a Debian Lenny VM and see if the fork with the patches match
up and work, and then if app_rpt and app_radio compile or throw an error.

The latest all in one ISO uses CentOS 5.7.

Thanks,
Steve Totaro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20120311/1f5d9ad1/attachment.htm>


More information about the asterisk-users mailing list