Because as the advisory pointed out it "could" happen. The likely thing to happen would be a segfault. Then again it should have been pointed out instead of silently updated.
bkw On Wed, 10 Sep 2003, Michael Sandee wrote: > 'proven'? Why post this bs... read the advisory, clearly shows they made > one and tested. Second its trivial to make one, if you see what is wrong > in the code. > > Original advisory should have been posted here at the date of release, > or announced by someone, but it wasn't... I guess some people are too > busy, can't blame them. > > Brian West wrote: > > >Also it wasn't a proven exploit. They said it "could allow an attacker to > >obtain remote and unauthenticated access". And if pigs "could" fly I > >would be a rich man! > > > >bkw > > > > > > > > > >>Read the security vulnerability. It referenced CVS as of a certain > >>date. If you aren't keeping up with CVS changes, why are you running > >>CVS at all? > >> > >>-Tilghman > >> > >>_______________________________________________ > >>Asterisk-Users mailing list > >>[EMAIL PROTECTED] > >>http://lists.digium.com/mailman/listinfo/asterisk-users > >> > >> > >> > >_______________________________________________ > >Asterisk-Users mailing list > >[EMAIL PROTECTED] > >http://lists.digium.com/mailman/listinfo/asterisk-users > > > > > > > > > > > _______________________________________________ > Asterisk-Users mailing list > [EMAIL PROTECTED] > http://lists.digium.com/mailman/listinfo/asterisk-users > _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
