Bug#315532: asterisk: Buffer overflow in command line parser

Tzafrir Cohen tzafrir.cohen@xorcom.com
Wed, 29 Jun 2005 20:57:06 +0300


On Wed, Jun 29, 2005 at 12:05:00PM -0500, Santiago Jos=E9 Ruano Rinc=F3n =
wrote:
> Hi,
>=20
> here is a dpatch to solve this bug, build with the one that Russell
> Bryant sent to the asterisk-devel mailing list.
>=20
> I've build the asterisk packages, but i haven't tried to exploit the bu=
g
> and I won't be able to do that in some days. Please, anyone could help
> me to test it?

  http://tzafrir.org.il/rapid108/

asterisk/zaptel/libpri 1.0.8 packages. Include that patch. As I said,=20
I don't consider that issue anything serious.

OTOH, I've fixed the data_dir patch not to depend on bristuff, so it
should now be simpler to build the package without bristuff, should you
want that.

Those packages are still work in progress. Specifically, I may still
update them without inclreading version number. But I expect those
changes to be minor tweaks.


--=20
Tzafrir Cohen     icq#16849755  +972-50-7952406
tzafrir.cohen@xorcom.com  http://www.xorcom.com