Bug#552756: AST-2009-007: SIP INVITE ACL bypass
Faidon Liambotis
paravoid at debian.org
Thu Oct 29 09:40:06 UTC 2009
Raphael Geissert wrote:
> A vulnerability has been reported in asterisk that allows a device to make
> calls on networks intended to be prohibited as defined by the "deny"
> and "permit" lines in sip.conf.
>
> The original advisory can be found at:
> http://downloads.asterisk.org/pub/security/AST-2009-007.html
>
> And the patch at:
> http://downloads.asterisk.org/pub/security/AST-2009-007-1.6.1.diff.txt
I saw that but initially ignored it since it said it was affecting only
1.6.1. It seems, however, that it also affects 1.6.2 and a fix is
committed in upstream's SVN.
Will do an upload within the day.
Thanks,
Faidon