Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2b9223dc by Neil Williams at 2022-02-18T11:24:42+00:00
Checked multiple CVEs in pjproject against asterisk and ring
More updates to follow
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17188,15 +17188,19 @@ CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC
Driver. A security hole wa
NOTE:
https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4
NOTE:
https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813
(REL42.3.2)
CVE-2022-21723 (PJSIP is a free and open source multimedia communication
library writt ...)
+ - asterisk <unfixed>
+ [bullseye] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
+ - ring <unfixed>
+ [stretch] - ring <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm
NOTE:
https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896
- TODO: check, might affect in impact src:ring
CVE-2022-21722 (PJSIP is a free and open source multimedia communication
library writt ...)
+ - asterisk <unfixed>
- pjproject <removed>
+ - ring <unfixed>
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36
NOTE:
https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a
- TODO: check, might affect in impact src:ring
CVE-2022-21721 (Next.js is a React framework. Starting with version 12.0.0 and
prior t ...)
TODO: check
CVE-2022-21720 (GLPI is a free asset and IT management software package. Prior
to vers ...)
@@ -17705,11 +17709,12 @@ CVE-2021-43847 (HumHub is an open-source social
network kit written in PHP. Prio
CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus
e-commer ...)
NOT-FOR-US: solidus_frontend
CVE-2021-43845 (PJSIP is a free and open source multimedia communication
library. In v ...)
+ - asterisk <unfixed>
- pjproject <removed>
+ - ring <unfixed>
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh
NOTE:
https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859
NOTE: https://github.com/pjsip/pjproject/pull/2924
- TODO: check, might affect in impact src:ring
CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets,
weather, a ...)
NOT-FOR-US: MSEdgeRedirect
CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack
block kit s ...)
@@ -17806,10 +17811,11 @@ CVE-2021-43806 (Tuleap is a Libre and Open Source
tool for end to end traceabili
CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on
Rails. Vers ...)
NOT-FOR-US: Solidus
CVE-2021-43804 (PJSIP is a free and open source multimedia communication
library writt ...)
+ - asterisk <unfixed>
- pjproject <removed>
+ - ring <unfixed>
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9
NOTE:
https://github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e
- TODO: check, might affect in impact src:ring
CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to
12.0.5 o ...)
NOT-FOR-US: next.js
CVE-2021-43802 (Etherpad is a real-time collaborative editor. In versions
prior to 1.8 ...)
@@ -20028,15 +20034,35 @@ CVE-2021-43305
CVE-2021-43304
RESERVED
CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An
attacker ...)
- TODO: check
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling
pjsua_recorder_create. An ...)
- TODO: check
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43301 (Stack overflow in PJSUA API when calling
pjsua_playlist_create. An att ...)
- TODO: check
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43300 (Stack overflow in PJSUA API when calling
pjsua_recorder_create. An att ...)
- TODO: check
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create.
An attac ...)
- TODO: check
+ - asterisk <unfixed>
+ - pjproject <removed>
+ - ring <unfixed>
+ NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43298 (The code that performs password matching when using 'Basic'
HTTP authe ...)
NOT-FOR-US: GoAhead Web Server
CVE-2021-43297 (A deserialization vulnerability existed in dubbo hessian-lite
3.2.11 a ...)
@@ -36212,10 +36238,11 @@ CVE-2021-37708 (Shopware is an open source eCommerce
platform. Versions prior to
CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior
to 6.4.3 ...)
NOT-FOR-US: Shopware
CVE-2021-37706 (PJSIP is a free and open source multimedia communication
library writt ...)
+ - asterisk <unfixed>
- pjproject <removed>
+ - ring <unfixed>
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984
NOTE:
https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865
- TODO: check, might affect in impact src:ring
CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service
platform. S ...)
NOT-FOR-US: OneFuzz
CVE-2021-37704 (PhpFastCache is a high-performance backend cache system
(packagist pac ...)
@@ -48277,11 +48304,11 @@ CVE-2021-32686 (PJSIP is a free and open source
multimedia communication library
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
[stretch] - pjproject <no-dsa> (Minor issue;
https://people.debian.org/~abhijith/upload/CVE-2021-32686.patch)
+ - ring <unfixed>
NOTE: https://downloads.asterisk.org/pub/security/AST-2021-009.html
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr
NOTE:
https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd
NOTE: https://github.com/pjsip/pjproject/pull/2716
- TODO: check, might affect in impact src:ring
CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the
browser ( ...)
NOT-FOR-US: tEnvoy
CVE-2021-32684 (magento-scripts contains scripts and configuration used by
Create Mage ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b9223dc052155c9d0f273067ca4f89586e895db
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b9223dc052155c9d0f273067ca4f89586e895db
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
