Tilghman Lesher discovered that the logging engine of Asterisk, a free software PBX and telephony toolkit, performs insufficient sanitising of call-related data, which may lead to SQL injection. For the old stable distribution (sarge), this problem has been fixed in version 1:1.0.7.dfsg.1-2sarge6. For the stable distribution (etch), this problem has been fixed in version 1:1.2.13~dfsg-2etch2. Updated packages for ia64 will be provided later. We recommend that you upgrade your asterisk packages.
MD5 checksums of the listed files are available in the original advisory.