On Wednesday 10 September 2003 01:04 pm, Olle E. Johansson wrote: > Tilghman Lesher wrote: > > On Wednesday 10 September 2003 10:51 am, Olle E. Johansson wrote: > >>Lubomir Christov wrote: > >>>today I found this security report regarding Asterisk SIP > >>>Security. > >>> > >>>http://www.securiteam.com/securitynews/5LP0720B5G.html > >> > >>Important information. Why a "silent" patch and no information to > >>the mailing list? Security by obscurity :-( > > > > Probably because Mark doesn't have time to realize that somebody > > is going to publish a temporary vulnerability that he fixes in 5 > > minutes. When someone points out a bug in my own programs, I'll > > go fix it, but I don't usually then publish a vulnerability page > > describing the problem: it's a bug, I fixed it, what's next? > > I understand it from a programmer's view. But from the large user > base point of view - there's a lot of installations out there that > needs to be updated and they did not get the information that they > had to update. Not all want to CVS-update running systems to the > latest code.
Read the security vulnerability. It referenced CVS as of a certain date. If you aren't keeping up with CVS changes, why are you running CVS at all? -Tilghman _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
