VoIP Mailing List Archives
Mailing list archives for the VoIP community |
|
| View previous topic :: View next topic |
| Author |
Message |
asteriskteam at digium...
Guest
|
 Posted: Tue Apr 22, 2008 6:05 pm Post subject: [asterisk-users] [asterisk-announce] Asterisk 1.2.28, 1.4.19 |
 |
|
The Asterisk development team has released versions 1.2.28, 1.4.19.1, and
1.6.0-beta8.
All of these releases contain a security patch for the vulnerability described
in the AST-2008-006 security advisory. 1.6.0-beta8 is also a regular update to
the 1.6.0 series with a number of bug fixes over the previous beta release.
Early last year, we made some modifications to the IAX2 channel driver to combat
potential usage of IAX2 in traffic amplification attacks. Unfortunately, our
fix was not complete and we were not notified of this until the original
reporter of the issue decided to release information on how to exploit it to the
public.
This issue affects all users of IAX2 that have allowed non-authenticated calls.
For more information on the vulnerability, see the published security advisory.
* http://downloads.digium.com/pub/security/AST-2008-006.pdf
All releases are available for download from the following location:
* http://downloads.digium.com/pub/telephony/asterisk/
Thank you for your continued support of Asterisk!
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-announce mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-announce |
|
| Back to top |
|
 |
tony at softins.clara....
Guest
|
| Posted: Wed Apr 23, 2008 4:19 am Post subject: [asterisk-users] [asterisk-announce] Asterisk 1.2.28, 1.4.19 |
|
|
In article <480E6F23.8050909 at digium.com>,
The Asterisk Development Team <asteriskteam at digium.com> wrote:
| Quote: | The Asterisk development team has released versions 1.2.28, 1.4.19.1, and
1.6.0-beta8.
All of these releases contain a security patch for the vulnerability described
in the AST-2008-006 security advisory. 1.6.0-beta8 is also a regular update to
the 1.6.0 series with a number of bug fixes over the previous beta release.
|
That advisory states that the fix is in 1.4.20, not 1.4.19.1. Why was the 1.4
release tagged as 1.4.19.1?
Personally, I prefer all releases to be x.y.z, and don't see the point in doing
an x.y.z.a just because a change is small.
Cheers
Tony
--
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org |
|
| Back to top |
|
|
tzafrir.cohen at xorco...
Guest
|
| Posted: Wed Apr 23, 2008 4:38 am Post subject: [asterisk-users] [asterisk-announce] Asterisk 1.2.28, 1.4.19 |
|
|
On Wed, Apr 23, 2008 at 09:19:26AM +0000, Tony Mountifield wrote:
| Quote: | In article <480E6F23.8050909 at digium.com>,
The Asterisk Development Team <asteriskteam at digium.com> wrote:
| Quote: | The Asterisk development team has released versions 1.2.28, 1.4.19.1, and
1.6.0-beta8.
All of these releases contain a security patch for the vulnerability described
in the AST-2008-006 security advisory. 1.6.0-beta8 is also a regular update to
the 1.6.0 series with a number of bug fixes over the previous beta release.
|
That advisory states that the fix is in 1.4.20, not 1.4.19.1. Why was the 1.4
release tagged as 1.4.19.1?
|
Reading the changelog of the new release:
2008-04-22 Russell Bryant <russell at digium.com>
* Asterisk 1.4.19.1 released.
2008-04-22 21:14 +0000 [r114522-114550] Russell Bryant <russell at digium.com>
* channels/chan_iax2.c: When we receive a full frame that is
supposed to contain our call number, ensure that it has the
correct one. (closes issue #10078) (AST-2008-006)
2008-04-01 Russell Bryant <russell at digium.com>
* Asterisk 1.4.19 released.
1.4.19.1 is called that way because it is 1.4.19 + <this specific fix>
As you might have noticed, .1 , .2 etc. releases lately were based on
the original release, rather than on the current SVN branch. This
greatly reduces the chance of introducing new bugs when applying the
fix.
| Quote: |
Personally, I prefer all releases to be x.y.z, and don't see the point in doing
an x.y.z.a just because a change is small.
|
When 1.4.20 will be released, it will fix this as well. You could take
current asterisk branch 1.4 just as well. But maybe you prefer 1.4.19.1 .
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Search
