search for: bford

...8 Reported By Sean Bright Posted On February 21, 2018 Last Updated On February 21, 2018 Advisory Contact bford AT digium DOT com CVE Name CVE-2018-7287 Description When reading a websocket, the length was not being checked. If a payload of length 0 was read, it would result in a...

...9 Reported By Salah Ahmed Posted On November 21, 2019 Last Updated On November 21, 2019 Advisory Contact bford AT sangoma DOT com CVE Name CVE-2019-18976 Description If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a...

...Reported By Sebastian Damm, Ruslan Lazin Posted On November 5, 2020 Last Updated On November 5, 2020 Advisory Contact bford AT sangoma DOT com CVE Name Description If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This cau...

Thanks for that info, Ben. I do like to test out the latest and most up-to-date versions of things when I can, so I'll check those files and see how it goes. On 2020-05-11 17:20, Ben Ford <bford at digium.com> put forth the proposition: > Hey Dave, > > In the case of 13 and 16, these are LTS versions which means that they get > long term service. 17 is a standard release. The benefit of an LTS is that > you can expect it to get bug fixes and improvements for an extended p...

...Reported By Andrey V. T. Posted On November 21, 2019 Last Updated On November 21, 2019 Advisory Contact bford AT sangoma DOT com CVE Name CVE-2019-18790 Description A SIP request can be sent to Asterisk that can change a SIP peer’s IP address. A REGISTER does not need to...

Hi all, I'm a fairly long time user of Asterisk, but I'm new to this list. I used to use the old forums some few years ago. I wanted to ask why there are different Asterisk versions, as shown by the announcements in the past week or 2: Asterisk 13.33.0 Asterisk 16.10.0 Asterisk 17.4.0 I'm currently using 16.8.0 and wondering if I should upgrade to 16.10.0, or perhaps give 17.4.0 a

...and keep them all separate. Use >> extensions.conf to ring them all >> >> Having written the question out carefully, it seems obvious that A is >> the way to do this, but it's sort of contrary to the advice in the book >> so I thought I would ask. Ben Ford <bford at digium.com> writes: > I'm no expert on the user side of things, but I would prefer option A. Of > course, this is completely your preference. Asterisk will allow either > option, so you have some flexibility there. One of the advantages of option > A is that you can have mult...

I am trying to run the CyberMegaPhone demo to see the WebRTC Video Conference demonstration from AstriDevCon 2017 I have been able to make WebRTC work on this same box with SIPML5 demo but not the CMP2K. When I attempt to access the https://myip:8089/cmp2k I am prompted for the unsecure web. I enable unsecure web. (Using the asterisk local certificate generation from the SIPML5 demo). After

(I'm new to Asterisk, after having started VOIP with vat on the mbone in the 90s.) I am setting up my first Asterisk system, and trying to read docs/guidance and follow best practices. I have read the 5th Edition of "Asterisk: The Definitive Guide" and like the 3rd Edition on the web it recommends that hardphones and softphones both have a unique name distinct from any concept of

> > From Astricon 2019 notes [1], you can read "[a]ll 3 app_voicemail variants > can now be built". > What does it mean ? At compilation, you can specify which voicemail modules you would like to build. You can select all 3 modules if you want. Is this change tied with a specific Asterisk version ? This should be in 17. Is possible to change from ODBC to IMAP without

Hey Dave, In the case of 13 and 16, these are LTS versions which means that they get long term service. 17 is a standard release. The benefit of an LTS is that you can expect it to get bug fixes and improvements for an extended period of time without anything major being changed. If you find an LTS version that has everything you need, it's probably the safest version to choose. Any