Bug#454155: asterisk: SQL Injection issue in res_config_pgsql/cdr_pgsql (AST-2007-025/AST-2007-026)
Faidon Liambotis
paravoid at debian.org
Mon Dec 3 15:29:25 UTC 2007
tags 454155 + pending
thanks
Teodor wrote:
> The asterisk team has fixed two security updates:
> AST-2007-025 - SQL Injection issue in res_config_pgsql
> AST-2007-026 - SQL Injection issue in cdr_pgsql
>
> These issues were fixed in the latest release (1.4.15). Please upgrade
> the package to this version.
We are aware of the issues and we already pushed updates to oldstable
(sarge) and stable (etch), c.f. DSA 1417-1.
1.4.15 is already packaged but it's not still updated since we have a
pending issue: Digium decided to break the ABI with *all* external
modules. Wonder why they call it a "stable" release :-)
Regards,
Faidon
More information about the Pkg-voip-maintainers
mailing list