| author | Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> | 2026-02-22 21:53:33 +0000 |
|---|---|---|
| committer | Vladimir Druzenko <vvd@FreeBSD.org> | 2026-02-22 21:53:33 +0000 |
| commit | ab05146a6f7ec39a268ac534831bb1fb5dab0dee (patch) | |
| tree | 0fa2803c741a244463bfdddfdd82eb2e656e9b51 /devel/elfutils/files/patch-libdw_dwarf__getsrclines.c | |
| parent | 28d3feb42c7a29cbf1ef6d97d7e26828db7657c8 (diff) | |
Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
ast_debug_tools.conf from /etc/asterisk; potentially leading to
privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
page echoes user supplied values (cookie and query string) without
sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
file to world writeable folder; leading to potential privilege
escalation.
Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-20.18.2.html
PR: 293361
Approved by: Oleksandr Kryvulia <o.kryvulia@flex-it.com.ua>
Security: GHSA-85x7-54wr-vh42
Security: GHSA-rvch-3jmx-3jf3
Security: GHSA-v6hp-wh3r-cwxh
Security: GHSA-xpc6-x892-v83c
MFH: 2026Q1
Diffstat (limited to 'devel/elfutils/files/patch-libdw_dwarf__getsrclines.c')
0 files changed, 0 insertions, 0 deletions
