On Wednesday 23 April 2008 18:26, Brian J. Murrell wrote: > On Wed, 2008-04-23 at 08:52 -0500, Tilghman Lesher wrote: > > Please understand that that's NOT the only security fix that has gone in > > during that time. If this is the only thing that you fix, you're likely > > to be vulnerable on several other levels. See our full list of security > > disclosures at http://downloads.digium.com/pub/security/ > > Hrm. Interesting. I don't recall seeing any of those others, such as > AST-2008-005 on this list. Is there some kind of "threat level" > threshold that's applied to what makes the list(s) and what doesn't?
Check the archives. Every single one of the advisories goes out to -users, -dev, -announce, and -security, along with 4 outside lists (bugtraq, voipsec, full disclosure, and one other that I can't think of at the moment). The advisories are also posted at asterisk.org, and I think most of the people who blog on Asterisk pick up the advisories, as well. In short, I can't think of a reason why you should be unaware of any security advisory regarding a past release of Asterisk. -- Tilghman _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
