Site Navigation

Date:      Sun, 22 Feb 2026 21:54:36 +0000
From:      Vladimir Druzenko <vvd@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Cc:        Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Subject:   git: ab05146a6f7e - main - net/asterisk22: Update 20.18.1 => 20.18.2
Message-ID:  <699b7b1c.23e44.76269bfb@gitrepo.freebsd.org>

---

index | next in thread | raw e-mail

---

The branch main has been updated by vvd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=ab05146a6f7ec39a268ac534831bb1fb5dab0dee

commit ab05146a6f7ec39a268ac534831bb1fb5dab0dee
Author:     Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
AuthorDate: 2026-02-22 21:53:33 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2026-02-22 21:53:33 +0000

    net/asterisk22: Update 20.18.1 => 20.18.2
    
    Security Advisories Resolved: 4
    - GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
      leading to potential XXE Injection.
    - GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
      ast_debug_tools.conf from /etc/asterisk; potentially leading to
      privilege escalation.
    - GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
      page echos user supplied values(cookie and query string) without
      sanitization.
    - GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
      file to world writeable folder; leading to potential privilege
      escalation.
    
    Changelog:
    https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-20.18.2.html
    
    PR:             293361
    Approved by:    Oleksandr Kryvulia <o.kryvulia@flex-it.com.ua>
    Security:       GHSA-85x7-54wr-vh42
    Security:       GHSA-rvch-3jmx-3jf3
    Security:       GHSA-v6hp-wh3r-cwxh
    Security:       GHSA-xpc6-x892-v83c
    MFH:            2026Q1
---
 net/asterisk20/Makefile | 2 +-
 net/asterisk20/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/asterisk20/Makefile b/net/asterisk20/Makefile
index e5a3810f7847..74d4c0befc75 100644
--- a/net/asterisk20/Makefile
+++ b/net/asterisk20/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	asterisk
-DISTVERSION=	20.18.1
+DISTVERSION=	20.18.2
 CATEGORIES=	net
 MASTER_SITES=	https://downloads.asterisk.org/pub/telephony/%SUBDIR%/:DEFAULT,g729
 MASTER_SITE_SUBDIR=	asterisk/ \
diff --git a/net/asterisk20/distinfo b/net/asterisk20/distinfo
index 6be9cb6530f4..39457abda14c 100644
--- a/net/asterisk20/distinfo
+++ b/net/asterisk20/distinfo
@@ -1,6 +1,6 @@
-TIMESTAMP = 1769713379
-SHA256 (asterisk/asterisk-20.18.1.tar.gz) = fffc04d9348676c884224d5f66201c0c88468f382b3f58c41c2e5afd4a72868f
-SIZE (asterisk/asterisk-20.18.1.tar.gz) = 28627742
+TIMESTAMP = 1771750967
+SHA256 (asterisk/asterisk-20.18.2.tar.gz) = 247e47727856b113ad520f3142225b3b7e526e1ba471fb7d546bc0fa4a734592
+SIZE (asterisk/asterisk-20.18.2.tar.gz) = 28633144
 SHA256 (asterisk/asterisk-core-sounds-en-g729-1.6.tar.gz) = b49dec15e07bb9bff6af0da3a07180651a38ef54d3ea54a3f20c35f081ed8714
 SIZE (asterisk/asterisk-core-sounds-en-g729-1.6.tar.gz) = 1557798
 SHA256 (asterisk/asterisk-moh-opsound-g729-2.03.tar.gz) = 0147ca9a97f0c550227aacb7793499057c4d2c64e021c95f93722f27d5549585

home | help

---

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?699b7b1c.23e44.76269bfb>

Legal Notices | © 1995-2026 The FreeBSD Project. All rights reserved.

Contact