"IAX2 provides a different response during authentication when a user does not exist, as compared to when the password is merely wrong. This allows an attacker to scan a host to find specific users on which to concentrate password cracking attempts." Bump to 1.2.31 ou just apply this patch: http://downloads.digium.com/pub/security/AST-2009-001-1.2.diff
+*asterisk-1.2.31.1 (11 Mar 2009) + + 11 Mar 2009; <chainsaw@gentoo.org> + +files/1.2.0/asterisk-1.2.31.1-bri-fixups.diff, + +files/1.2.0/asterisk-1.2.31.1-comma-is-not-pipe.diff, + +files/1.2.0/asterisk-1.2.31.1-svn89254.diff, +asterisk-1.2.31.1.ebuild: + Version bump, for security bugs #250748 and #254304. Took a 1.4 build fix + that is relevant to 1.2, Digium bug #11238. Wrote patch to fix up typo in + open call, a comma is not a pipe sign. Used EAPI 2 for USE-based + dependencies instead of calling die. Patch from Mounir Lamouri adding + -lspeexdsp closes bug #206463 filed by John Read.
Arch target keywords: ~alpha amd64 ~hppa ~ppc sparc x86 Ebuild is in tree, have asked for keywording in bug #250748.
GLSA 200905-01