Re: [asterisk-users] Archive of security advisories?
On Thursday 09 September 2010 12:46:10 Kyle Kienapfel wrote: > On Thu, Sep 9, 2010 at 10:25 AM, Carlos Chavez wrote: > >Is there an archive of security advisories for Asterisk? We > > recently > > upgraded a customer from 1.2 to 1.4 and now they are asking for > > documentation of all security and bug related fixes. I know the > > advisories get published on this list but is there an easier way to find > > them than trying to search the list. > > The archive is here: > http://downloads.asterisk.org/pub/security/ > > http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.35 and > search for "ASA-" > > example entry: > > 2007-08-07 18:25 + [r78375] Jason Parker > > * channels/chan_skinny.c: Properly check the capabilities count to > avoid a segfault. (ASA-2007-019) > > > http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ has > change logs from 1.2 > > Looks like 1.4 was started before Asterisk 1.2.13, hopefully they're > not asking for a refactored changelog from asterisk 1.2.19 to 1.4.32 > ;) Shortly after we used the "ASA" moniker, we changed to using "AST" to avoid a conflict with another vendor's security advisories, which used the "ASA" notation prior. We additionally backported all existing advisories which used the "ASA" notation to "AST", so all advisories should be found with the "AST" notation. You're right about the changelogs, though, so we'll look at fixing those at the download site to ensure that it's consistent. -- Tilghman Lesher Digium, Inc. | Senior Software Developer twitter: Corydon76 | IRC: Corydon76-dig (Freenode) Check us out at: www.digium.com & www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Archive of security advisories?
On Thu, Sep 09, 2010 at 12:25:03PM -0500, Carlos Chavez wrote: > Is there an archive of security advisories for Asterisk? We recently > upgraded a customer from 1.2 to 1.4 and now they are asking for > documentation of all security and bug related fixes. I know the > advisories get published on this list but is there an easier way to find > them than trying to search the list. Recent ones: http://www.asterisk.org/security Back to 2007: http://downloads.asterisk.org/pub/security/ -- Barry -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Archive of security advisories?
-Original Message- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Carlos Chavez Subject: [asterisk-users] Archive of security advisories? > Is there an archive of security advisories for Asterisk? We recently upgraded a customer from 1.2 to 1.4 and now they are asking for documentation of all security and bug related fixes. I know the advisories get published on this list but is there an easier way to find them than trying to search the list. IMO you should be able to get this from the CHANGELOG with the version you install. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Archive of security advisories?
On Thu, Sep 9, 2010 at 10:25 AM, Carlos Chavez wrote: >Is there an archive of security advisories for Asterisk? We > recently > upgraded a customer from 1.2 to 1.4 and now they are asking for > documentation of all security and bug related fixes. I know the > advisories get published on this list but is there an easier way to find > them than trying to search the list. > > -- > Telecomunicaciones Abiertas de México S.A. de C.V. > Carlos Chávez Prats > Director de Tecnología > +52-55-91169161 ext 2001 > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > The archive is here: http://downloads.asterisk.org/pub/security/ http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.35 and search for "ASA-" example entry: 2007-08-07 18:25 + [r78375] Jason Parker * channels/chan_skinny.c: Properly check the capabilities count to avoid a segfault. (ASA-2007-019) http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ has change logs from 1.2 Looks like 1.4 was started before Asterisk 1.2.13, hopefully they're not asking for a refactored changelog from asterisk 1.2.19 to 1.4.32 ;) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Archive of security advisories?
Is there an archive of security advisories for Asterisk? We recently upgraded a customer from 1.2 to 1.4 and now they are asking for documentation of all security and bug related fixes. I know the advisories get published on this list but is there an easier way to find them than trying to search the list. -- Telecomunicaciones Abiertas de México S.A. de C.V. Carlos Chávez Prats Director de Tecnología +52-55-91169161 ext 2001 signature.asc Description: This is a digitally signed message part -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users