The Asterisk Development team has released an update to Asterisk 1.2 the Asterisk 1.2.13. This release contains a fix for a security vulnerability recently found in the chan_skinny channel driver (for Cisco SCCP phones). This vulnerability would enable an attacker to remotely execute code as the system user running Asterisk (frequently 'root'). The exploit does not require that the skinny.conf contain any valid phone entries, only that chan_skinny is loaded and operational. When be avalible in the portage, and maybe you can add the asterisk beta 1.4 to the portage thanks
Reassigning to security. (reporter: please only restrict sensitive bugs! thankyou!)
*** This bug has been marked as a duplicate of 151881 ***