Asterisk Project Security Advisory - AST-2007-024
Affected Versions Product Release Series
Zaptel 1.2.x All versions prior to 1.2.22
Zaptel 1.4.x All versions prior to 1.4.7
anyone know the ETA for the new zaptel releases?
Have you read the doc in full…
[quote]The copy of the user-provided argument to the buffer has been limited to the length of the buffer. This fix has been committed to the Zaptel 1.2 and 1.4 repositories, but due to the lack of severity, new releases will not be immediately made.
While we appreciate this programming error being brought to our attention, we would encourage security researchers to contact us prior to releasing any reports of their own, both so that we can fix any vulnerability found prior to the release of an announcement, as well as avoiding these types of mistakes (and the potential embarrassment of reporting a vulnerability that wasn’t) in the future.[/quote]
The last line says it all I think.