On Tuesday 22 April 2008 19:34, Brian J. Murrell wrote:
> On Tue, 2008-04-22 at 17:58 -0500, Security Officer wrote:
> > Asterisk Project Security Advisory - AST-2008-006
>
> So given that I'm new to asterisk's svn and bug tracking tool, is it
> sufficient then to apply the two patches (iax_dcallno_check-1.2.rev3.txt
> and iax_dcallno_check.rev9.txt) listed in
> http://bugs.digium.com/view.php?id=10078 to a 1.4.11ish release to
> correct this vulnerability? I really don't feel like buying into
> any/all of the headaches that went into 1.4.11->1.4.20. You know, "if
> it ain't broke don't fix it", and my corollary, "if it is broke, only
> fix what's broke, don't try to make it better". :-)

Please understand that that's NOT the only security fix that has gone in during that time. If this is the only thing that you fix, you're likely to be vulnerable on several other levels. See our full list of security disclosures at http://downloads.digium.com/pub/security/

--
Tilghman