Don't bother with that, go straight to the source! http://packages.asterisk.org/ These get updated rather quickly.
jlc
+1 for this suggestion.
Starting out it may be easier to pull packages from a repo if you're not familiar with building from source. BUT, in the long run, you'll need to learn it. When a security >vulnerability is fixed, you don't want to wait any longer than necessary for the package maintainer to get around to updating. Just grab the source and build. Also, the packages >don't always have all the functionality you may require (codecs, modules, etc). There are plenty of docs on how to do this as well as many helpful people on the Asterisk-Users >mailing list.
You completely misunderstood my suggestion, and actually suggested something I learned a long time ago to never do:)
The url as suggested by the name, *is* an rpm package repo. As I said, the packager gets these built with new releases and/or kernel updates very fast.
Compiling software and bypassing the package mangler is always a risk for trouble down the road. Given the many deps Asterisk may require, its simpler to use this repo versus compiling.
An aside as well, I see many people on this list always concerned with vulns and patches and always eager to simply `yum update`. FWIW, if the vuln doesn't affect you, it's not a vuln for *you*. You may not have the module installed/active or in my case, the internet facing exposure is limited to an VSP who I *very much* doubt would use my system to dial for free based on one of the recent vulns.
I wouldn't panic about being at risk for vulns *just because* a vuln exists, it may not affect you. I had an Ast box running without a reboot or update in almost a year cuz I couldn't get the window. Its exposure was so highly minimized that it wasn't even a consideration. None of the updates pertaining to stability were ever applicable either to my best knowledge so I didn't worry...
jlc