On Fri, Dec 09, 2011 at 09:47:04PM +0100, Moritz Muehlenhoff wrote:
> Source: asterisk
> Severity: grave
> Tags: security
> 
> Please see http://downloads.asterisk.org/pub/security/AST-2011-014.html
> This has been assigned CVE-2011-4598.

What about the pending fixes for #630381 and #639821 ?

> 
> There's also http://downloads.asterisk.org/pub/security/AST-2011-013.html,
> (CVE-2011-4597), which seems rather esoteric and can likely be ignored
> for stable.

This configuration is actually rather common. The bug did not mention
it, but the fix included a patch that changes the default value of the
configugration and also adds a nasty warning if global value does not
match the peer/user entry.

-- 
               Tzafrir Cohen
icq#16849755              jabber:[email protected]
+972-50-7952406           mailto:[email protected]
http://www.xorcom.com  iax:[email protected]/tzafrir



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to