2009/10/29 Faidon Liambotis <[email protected]>: > Raphael Geissert wrote: >> A vulnerability has been reported in asterisk that allows a device to make >> calls on networks intended to be prohibited as defined by the "deny" >> and "permit" lines in sip.conf. >> >> The original advisory can be found at: >> http://downloads.asterisk.org/pub/security/AST-2009-007.html >> >> And the patch at: >> http://downloads.asterisk.org/pub/security/AST-2009-007-1.6.1.diff.txt > I saw that but initially ignored it since it said it was affecting only > 1.6.1. It seems, however, that it also affects 1.6.2 and a fix is > commmited in upstream's SVN. >
Yes, the versions in testing and unstable (at least those that were there before I reported it) were both affected. May I suggest you to reply to the email in the future whenever you don't think it affects a version? the versions in the descriptions are usually not exclusive and should be treated as 'at least' (not much we can do, as it is mitre who writes the descriptions). Thanks. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
