The last commiter (5 months ago) is one of the more active people in debian-voip. That person hasn't responded to the thread linked above asking for it to be removed.
I am concerned that this vulnerability has been in the wild since 2008-03-24, and upstream hasn't yet responded with a resolution. I would imagine it would be prudent to remove from the archive until a suitable solution has been found. I do not believe a suitable security fix will be made any time soon from either Ubuntu or Debian developers. Looking at the linked bug report that I made, there should be no doubt - it is a *VERY* serious security vulnerability. Additionally, the package is not compatible with the Asterisk currently in the Karmic archives, and i'm not every sure it is compatible with any version other than the one in Dapper. If the above points are resolved, then surely it could be re-introduced? -- Remove from archive. https://bugs.launchpad.net/bugs/432119 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
