Bug 283975 - net/asterisk20: Update to 20.11.1
Summary: net/asterisk20: Update to 20.11.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Vladimir Druzenko
URL: https://www.asterisk.org/asterisk-new...
Keywords:
Depends on:
Blocks:
 
Reported: 2025-01-10 09:37 UTC by Oleksandr Kryvulia
Modified: 2025-01-10 10:49 UTC (History)
3 users (show)

See Also:
vvd: merge-quarterly+

Attachments
Update patch (1.93 KB, patch)
2025-01-10 09:37 UTC, Oleksandr Kryvulia 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Oleksandr Kryvulia 2025-01-10 09:37:16 UTC 
Created attachment 256597 [details]
Update patch

Update to 20.11.1
Please review and commit.
Comment 1 Vladimir Druzenko freebsd_committer freebsd_triage 2025-01-10 10:37:27 UTC 
Need entry in security/vuxml/vuln/2025.xml:
> Security Advisories Resolved: 1
>    GHSA-33×6-fj46-6rfh: Path traversal via AMI ListCategories allows access to outside files
Comment 2 commit-hook freebsd_committer freebsd_triage 2025-01-10 10:43:00 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=138365b72fdd165429fdc8dabf922fa1973f7823

commit 138365b72fdd165429fdc8dabf922fa1973f7823
Author:     Oleksandr Kryvulia <o.kryvulia@flex-it.com.ua>
AuthorDate: 2025-01-10 10:32:49 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-10 10:42:33 +0000

    net/asterisk20: Update 20.11.0 → 20.11.1 (security fix GHSA-33x6-fj46-6rfh)

    News:
    https://www.asterisk.org/asterisk-news/asterisk-security-release-20-11-1-now-available/

    Security fix GHSA-33x6-fj46-6rfh:
    - Path traversal via AMI ListCategories allows access to outside files
    https://github.com/asterisk/asterisk/security/advisories/GHSA-33x6-fj46-6rfh

    PR:             283975
    Sponsored by:   FLEX-IT LLC
    MFH:            2025Q1

 net/asterisk20/Makefile | 5 ++---
 net/asterisk20/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 6 deletions(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2025-01-10 10:49:01 UTC 
A commit in branch 2025Q1 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8b81551a4b9e557dd4660d85cf01d460a8b39247

commit 8b81551a4b9e557dd4660d85cf01d460a8b39247
Author:     Oleksandr Kryvulia <o.kryvulia@flex-it.com.ua>
AuthorDate: 2025-01-10 10:32:49 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-10 10:47:42 +0000

    net/asterisk20: Update 20.11.0 → 20.11.1 (security fix GHSA-33x6-fj46-6rfh)

    News:
    https://www.asterisk.org/asterisk-news/asterisk-security-release-20-11-1-now-available/

    Security fix GHSA-33x6-fj46-6rfh:
    - Path traversal via AMI ListCategories allows access to outside files
    https://github.com/asterisk/asterisk/security/advisories/GHSA-33x6-fj46-6rfh

    PR:             283975
    Sponsored by:   FLEX-IT LLC
    MFH:            2025Q1

    (cherry picked from commit 138365b72fdd165429fdc8dabf922fa1973f7823)

 net/asterisk20/Makefile | 5 ++---
 net/asterisk20/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 6 deletions(-)
Comment 4 Vladimir Druzenko freebsd_committer freebsd_triage 2025-01-10 10:49:26 UTC 
Thanks.