Path traversal via AMI; requires access to AMI, and specifically to AMI mechanisms that take a path as an argument. Only files to which asterisk has access are at risk (but this includes configuration files ... which contain SIP credentials).

Reproducible: Always
Updated versions pushed; needs merge, then I can request stable and remove the last affected version.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d03c468f0566f375b38b3f0d440f54c0efe33a7b

commit d03c468f0566f375b38b3f0d440f54c0efe33a7b
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2025-01-10 06:46:00 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2025-02-13 08:13:52 +0000

    net-misc/asterisk: drop 18.25.0

    GHSA-33x6-fj46-6rfh

    Bug: https://bugs.gentoo.org/947790
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Closes: https://github.com/gentoo/gentoo/pull/40080
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-misc/asterisk/asterisk-18.25.0.ebuild | 371 ------------------------------
 1 file changed, 371 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c42448277adf62c010a0a754017124601a6d11b

commit 1c42448277adf62c010a0a754017124601a6d11b
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2025-01-10 06:45:23 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2025-02-13 08:13:52 +0000

    net-misc/asterisk: add 18.26.1, drop 18.26.0

    GHSA-33x6-fj46-6rfh

    Bug: https://bugs.gentoo.org/947790
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-misc/asterisk/Manifest | 2 +-
 net-misc/asterisk/{asterisk-18.26.0.ebuild => asterisk-18.26.1.ebuild} | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8ffd8ae206d4db8e9f62ec71e12e6e17e372236

commit b8ffd8ae206d4db8e9f62ec71e12e6e17e372236
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2025-01-10 06:37:43 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2025-02-13 08:13:52 +0000

    net-misc/asterisk: drop 20.10.0-r1

    GHSA-33x6-fj46-6rfh

    Bug: https://bugs.gentoo.org/947790
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-misc/asterisk/Manifest | 1 -
 net-misc/asterisk/asterisk-20.10.0-r1.ebuild | 371 ---------------------------
 2 files changed, 372 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad46dd0a5b63ecb50bc0b6628e0debfa630a7083

commit ad46dd0a5b63ecb50bc0b6628e0debfa630a7083
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2025-01-10 06:34:33 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2025-02-13 08:13:51 +0000

    net-misc/asterisk: add 20.11.1, drop 20.11.0

    GHSA-33x6-fj46-6rfh

    Bug: https://bugs.gentoo.org/947790
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-misc/asterisk/Manifest | 2 +-
 net-misc/asterisk/{asterisk-20.11.0.ebuild => asterisk-20.11.1.ebuild} | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=782ddbad461947785c195052375da98af7264e83

commit 782ddbad461947785c195052375da98af7264e83
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2025-01-10 06:30:57 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2025-02-13 08:13:51 +0000

    net-misc/asterisk: add 21.6.1, drop 21.6.0

    GHSA-33x6-fj46-6rfh

    Bug: https://bugs.gentoo.org/947790
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-misc/asterisk/Manifest | 2 +-
 net-misc/asterisk/{asterisk-21.6.0.ebuild => asterisk-21.6.1.ebuild} | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3581a42ba77d9950ff848cd3310bd26852be90d

commit f3581a42ba77d9950ff848cd3310bd26852be90d
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2025-01-10 06:26:55 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2025-02-13 08:13:51 +0000

    net-misc/asterisk: drop 22.0.0-r1

    GHSA-33x6-fj46-6rfh

    Bug: https://bugs.gentoo.org/947790
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-misc/asterisk/Manifest | 1 -
 net-misc/asterisk/asterisk-22.0.0-r1.ebuild | 358 ----------------------------
 2 files changed, 359 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5a2049306ac68a3230161e3f506732c24a78ec6

commit f5a2049306ac68a3230161e3f506732c24a78ec6
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2025-01-10 06:26:06 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2025-02-13 08:13:51 +0000

    net-misc/asterisk: add 22.1.1, drop 22.1.0

    GHSA-33x6-fj46-6rfh

    Bug: https://bugs.gentoo.org/947790
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-misc/asterisk/Manifest | 2 +-
 net-misc/asterisk/{asterisk-22.1.0.ebuild => asterisk-22.1.1.ebuild} | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)