net/asterisk22: Update 20.18.1 => 20.18.2
Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk, potentially leading to privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echoes user-supplied values (cookie and query string) without sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world-writable folder, leading to potential privilege escalation.
Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-20.18.2.html
PR: 293361
Approved by: Oleksandr Kryvulia <o.kryvulia@flex-it.com.ua>
Security: GHSA-85x7-54wr-vh42
Security: GHSA-rvch-3jmx-3jf3
Security: GHSA-v6hp-wh3r-cwxh
Security: GHSA-xpc6-x892-v83c
MFH: 2026Q1