Alex Hermann wrote: > On Monday 03 August 2009, Asterisk Team wrote: >> The release of 1.6.1.2 fixes a remote crash security vulnerability in the >> RTP stack. The related security advisory AST-2009-004 has been released >> along with this announcement. Please read that advisory for more >> information. >> >> For a full list of changes in these releases, please see the ChangeLogs: >> http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6 >> .1.2 > > The chaneglog doesn't mention anything on fixing a security issue. Even > worse, > the changelog doesn't mention anyting at all besides the version increment. > Is the fix really applied?
The fix is applied. I just checked to be sure. I can't say for sure why the change did not show up in the changelog, but I'm guessing the reason is that the tag for the release was created first, and then the specific fix was applied to the tag instead of creating the tag based off an already-fixed branch. This was an oversight on our part, and we'll do our best not to make such a mistake again. Mark Michelson _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2009 - October 13 - 15 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users