
package/asterisk: security bump version to 22.5.2

Fixes the following security issues:

- CVE-2025-1131: Uncontrolled Search-Path Element in safe_asterisk script
  may allow local privilege escalation
  https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp

- CVE-2025-57767: A specifically malformed Authorization header in an
  incoming SIP request can cause Asterisk to crash
  https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j

- CVE-2025-49832: Remote DoS and possible RCE in
  asterisk/res/res_stir_shaken/verification.c
  https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr

- CVE-2025-47780: cli_permissions.conf: deny option does not work for
  disallowing shell commands
  https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2

- CVE-2025-47779: Using malformed From header can forge identity with ";" or
  NULL in name portion
  https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Acked-by: Titouan Christophe <titouan.christophe@mind.be>
[Peter: add additional CVEs]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Bernd Kuhls 2 months ago
parent
commit
02fd1d2b93
2 changed files with 2 additions and 2 deletions
  1. 1 1
      package/asterisk/asterisk.hash
  2. 1 1
      package/asterisk/asterisk.mk

+ 1 - 1
package/asterisk/asterisk.hash

@@ -1,5 +1,5 @@
 # Locally computed
 # Locally computed
-sha256  4cc403c8885d4aed3956dfb75d315d3e5bcc129eb9cd47c156d3b12ecceed1ba  asterisk-22.3.0.tar.gz
+sha256  8a94650b6f348af1f1c9cce7ed3585d280f3a31b0d3820084a42b03712df95d5  asterisk-22.5.2.tar.gz
 
 
 # Locally computed
 # Locally computed
 sha256  58bb83cec4d431f48d006e455d821668450f8cf6b6c95f090def47062fa3a60c  pjproject-2.15.1.tar.bz2
 sha256  58bb83cec4d431f48d006e455d821668450f8cf6b6c95f090def47062fa3a60c  pjproject-2.15.1.tar.bz2
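Review bot: the new asterisk-22.5.2.tar.gz line is covered only by the "# Locally computed" comment, so the integrity of this security bump rests on a single download by the submitter. Please say in the commit message how the tarball was checked, for example a second independent download that gives the same sha256. The pjproject-2.15.1.tar.bz2 entry is also left unchanged across the 22.3.0 to 22.5.2 jump; confirm that 22.5.2 still expects that pjproject version.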

+ 1 - 1
package/asterisk/asterisk.mk

@@ -4,7 +4,7 @@
 #
 #
 ################################################################################
 ################################################################################
 
 
-ASTERISK_VERSION = 22.3.0
+ASTERISK_VERSION = 22.5.2
 # Use the github mirror: it's an official mirror maintained by Digium, and
 # Use the github mirror: it's an official mirror maintained by Digium, and
 # provides tarballs, which the main Asterisk git tree (behind Gerrit) does not.
 # provides tarballs, which the main Asterisk git tree (behind Gerrit) does not.
 ASTERISK_SITE = $(call github,asterisk,asterisk,$(ASTERISK_VERSION))
 ASTERISK_SITE = $(call github,asterisk,asterisk,$(ASTERISK_VERSION))
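Review bot: ASTERISK_VERSION goes from 22.3.0 to 22.5.2, which moves across minor releases (22.3 to 22.5), yet the commit message lists only the CVE fixes and only the version and hash lines change. Please confirm that the package's existing patches and configure options still apply to 22.5.2, and consider pointing to the upstream change logs for the intermediate releases in the commit message so non-security changes are visible to anyone backporting this.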