> The consensus in the Asterisk community seems to be that (somehow) Asterisk > is not vulnerable to these security holes, which many experts consider > quite serious. I am frankly having a lot of trouble understanding where > this bliss is coming from. From my reading on this, it looks to me as > though the developers of OpenH323 have acknowledged that their code > ***IS*** vulnerable, and have published a patch.
Yes, asterisk is vulnerable if you have H.323 running. > I tried downloading the above versions, and Asterisk does not build with > these versions. Is there a version of Asterisk I need to check out of CVS > to get patched versions of H.323 to build? How does one incorporate these > fixes into Asterisk??? > What happens when you try and compile asterisk with the latest version of OpenH323, it's been a few months since i've done it but it used to work. _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
