Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1333 to the following vulnerability: Asterisk Project Security Advisory - AST-2008-004 Logging messages displayed using the ast_verbose logging API call are not displayed as a character string, they are displayed as a format string. Output as a result of the Manager command “command” is not appended to the resulting response message as a character string, it is appended as a format string. It is possible in both instances for an attacker to provide a formatted string as a value for input which can cause a crash. References: http://downloads.digium.com/pub/security/AST-2008-004.html
This issue only affected asterisk version in rawhide, which is fixed now.