rpi-buildroot/package/asterisk
Bernd Kuhls dd4e9cae26 package/asterisk: security bump version to 22.5.2
Fixes the following security issues:

- CVE-2025-1131: Uncontrolled Search-Path Element in safe_asterisk script
  may allow local privilege escalation
  https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp

- CVE-2025-57767: A specifically malformed Authorization header in an
  incoming SIP request can cause Asterisk to crash
  https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j

- CVE-2025-49832: Remote DoS and possible RCE in
  asterisk/res/res_stir_shaken/verification.c
  https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr

- CVE-2025-47780: cli_permissions.conf: deny option does not work for
  disallowing shell commands
  https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2

- CVE-2025-47779: Using malformed From header can forge identity with ";" or
  NULL in name portion
  https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Acked-by: Titouan Christophe <titouan.christophe@mind.be>
[Peter: add additional CVEs]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 02fd1d2b93)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
2025-11-26 09:02:26 +01:00