I would imagine that anyone that's following Asterisk security will have already obtained the patched config file (possibly not installed it, but there it is..) so the best bet would likely be to try not to change it again in the next security update.

-- John

On 05/03/2011 09:37 AM, Tzafrir Cohen wrote:
tag 624148  wontfix
thanks

On Mon, Apr 25, 2011 at 08:05:17PM -0500, John Goerzen wrote:
Package: asterisk-config
Version: 1:1.6.2.9-2+squeeze2
Severity: grave
Justification: renders package unusable

I use unattended-upgrades to provide security updates.  This normally works
fine, and although I expect that an upgrade might take down Asterisk for a few
minutes, this took the system down and did not bring it back up.  I'm going to
guess it was related to this:

Upstream added an important configuration option as part of a security
fix (a gauge to control the limitations imposed by the new restrictions
against DoS attacks). It was important for those to get into the
reference documentation.

Sadly the reference config files are also copied to /etc/asterisk. In
retrospect I should have manually patched them at install time (that is:
in the install target).

However if I fix this now, we get the same issue with those who have
already upgraded, which is why I tagged it as "wontfix". Any better
suggestion?




