CVE-2006-5445 is harder to fix, because they applied other patches
before which do not have any connection to the security hole. But it
also seems that this is not critical, in svn commit #45306 they write

"After some research, we realized that the default behaviour since a long
time was doing the right thing, even though the change optimized a bit
and removed a lot of potential risks. 

Conclusion: No need for a configuration option at all."
--> http://svn.digium.com/view/asterisk?rev=45306&view=rev

So I would suggest to only fix CVE-2006-5444.

-- 
Asterisk vulnerabilities in chan_skinny.c and chan_sip.c
https://launchpad.net/bugs/66912

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to