On Sat, Mar 10, 2012 at 11:23 PM, Tzafrir Cohen <tzafrir.co...@xorcom.com> wrote:

> On Fri, Mar 09, 2012 at 03:10:50PM -0600, Kevin P. Fleming wrote:
> > On 03/09/2012 02:56 PM, Josh Freeman wrote:
> > >The most current patched Asterisk, along with the most current app_rpt,
> > >can be found at
> > >
> > >http://svn.ohnosec.org/svn/projects/allstar/astsrc-1.4.23-pre/trunk/
> >
> > I'm really trying to avoid fanning the flames here, but if that code
> > is *really* based on 1.4.23, and hasn't been kept up to date with
> > the Asterisk 1.4 releases, then that means it contains a number of
> > security vulnerabilities that users should be aware of. Some of them
> > are user enumeration vulnerabilities, but others (like AST-2011-010,
> > AST-2011-005, AST-2011-001, and maybe more) are more serious.
>
> http://patch-tracker.debian.org/package/asterisk/1:1.4.21.2~dfsg-3+lenny5
> Or:
>
> http://anonscm.debian.org/viewvc/pkg-voip/asterisk/branches/lenny-security/debian/patches/
>
> Those are the patches for the Asterisk package in Debian 5.0 (Lenny). It
> is based on 1.4.21.2 (though with some extra patches: part of the
> bristuff patch). At least for a while I tried to check every security
> fix to see if it applies to Lenny.
>
> --
> Tzafrir Cohen
> icq#16849755 jabber:tzafrir.co...@xorcom.com
> +972-50-7952406 mailto:tzafrir.co...@xorcom.com
> http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir
>

I don't use Debian, but since this is a fork, the patches may break app_rpt again like DAHDI did.

I may fire up a Debian Lenny VM and see if the fork with the patches match up and work, and then if app_rpt and app_radio compile or throw an error.

The latest all in one ISO uses CentOS 5.7.

Thanks,
Steve Totaro