> There is a new Asterisk vulnerability report at this address:
>
> http://www.securiteam.com/unixfocus/5HP0H1PB5S.html
>
> This is the second security report regarding Asterisk in 8 days
> (http://www.securiteam.com/securitynews/5LP0720B5G.html)
>
> Both fixes were reported and fixed silently.
>
> My question is: Is it possible in the future for such security problems to
> be reported in this mailing list or some other security related list?

Of course, this particular bug is likely only going to affect a small subset of people for the following reasons:

a) Don't accept VoIP from untrusted sources
b) Their telco doesn't permit untrusted sources to spoof callerid
c) They don't use the SQL CDR recording
d) Without actually looking into it, what is the maxlength of callerid anyway?

I'm also wondering why it took so long for this bug to be fixed?

Also, the list should be notified once the fix is in CVS (which should be when Bugtraq etc. is notified).

Regards,
Adam
