"IAX2 provides a different response during authentication when a user does not exist, as compared to when the password is merely wrong. This allows an attacker to scan a host to find specific users on which to concentrate password cracking attempts."
Bump to 1.2.31 ou just apply this patch:
+*asterisk-18.104.22.168 (11 Mar 2009)
+ 11 Mar 2009; <firstname.lastname@example.org>
+ +files/1.2.0/asterisk-22.214.171.124-svn89254.diff, +asterisk-126.96.36.199.ebuild:
+ Version bump, for security bugs #250748 and #254304. Took a 1.4 build fix
+ that is relevant to 1.2, Digium bug #11238. Wrote patch to fix up typo in
+ open call, a comma is not a pipe sign. Used EAPI 2 for USE-based
+ dependencies instead of calling die. Patch from Mounir Lamouri adding
+ -lspeexdsp closes bug #206463 filed by John Read.
Arch target keywords:
~alpha amd64 ~hppa ~ppc sparc x86
Ebuild is in tree, have asked for keywording in bug #250748.