I can;t imagine what headaches you'd have going from 1.4.11 to 1.4.19.1... that is a minor version upgrade... no real change in functionality.... thats basically 8 versions of bug fixes... if you just apply the IAX2 patch, you'll be fixing 1 out of probably a hundreds of bugs. Going from 1.4.x to 1.6.x however... you'd run into some headaches probably... but if you are staying in the 1.4 series you shouldn;t have any problems... worst case is if its broke you just make install your 1.4.11 overtop of 1.4.19.1 to revert back.
-- Matt ________________________________________ From: [EMAIL PROTECTED] [EMAIL PROTECTED] On Behalf Of Brian J. Murrell [EMAIL PROTECTED] Sent: Tuesday, April 22, 2008 8:34 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] AST-2008-006 - 3-way handshake in IAX2 incomplete On Tue, 2008-04-22 at 17:58 -0500, Security Officer wrote: > Asterisk Project Security Advisory - AST-2008-006 So given that I'm new to asterisk's svn and bug tracking tool, is it sufficient then to apply the two patches (iax_dcallno_check-1.2.rev3.txt and iax_dcallno_check.rev9.txt) listed in http://bugs.digium.com/view.php?id=10078 to a 1.4.11ish release to correct this vulnerability? I really don't feel like buying into any/all of the headaches that went into 1.4.11->1.4.20. You know, "if it ain't broke don't fix it", and my corollary, "if it is broke, only fix what's broke, don't try to make it better". :-) Thanx, b. _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users