Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c8639746 by Salvatore Bonaccorso at 2023-02-07T22:34:15+01:00
Track fixed version for several ring issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -61043,7 +61043,7 @@ CVE-2022-31032 (Tuleap is a Free & Open Source
Suite to improve management o
CVE-2022-31031 (PJSIP is a free and open source multimedia communication
library writt ...)
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 (bug #1017004)
- pjproject <removed>
- - ring <unfixed> (bug #1017005)
+ - ring 20230206.0~ds1-1 (bug #1017005)
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
NOTE:
https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202
CVE-2022-31030 (containerd is an open source container runtime. A bug was
found in the ...)
@@ -79480,7 +79480,7 @@ CVE-2022-24793 (PJSIP is a free and open source
multimedia communication library
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed> (bug #1014998)
+ - ring 20230206.0~ds1-1 (bug #1014998)
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
NOTE:
https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a
CVE-2022-24792 (PJSIP is a free and open source multimedia communication
library writt ...)
@@ -79610,7 +79610,7 @@ CVE-2022-24764 (PJSIP is a free and open source
multimedia communication library
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <unfixed>
- - ring <unfixed> (bug #1014998)
+ - ring 20230206.0~ds1-1 (bug #1014998)
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
NOTE:
https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
CVE-2022-24763 (PJSIP is a free and open source multimedia communication
library writt ...)
@@ -79618,7 +79618,7 @@ CVE-2022-24763 (PJSIP is a free and open source
multimedia communication library
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed> (bug #1014998)
+ - ring 20230206.0~ds1-1 (bug #1014998)
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-5x45-qp78-g4p4
NOTE:
https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21
CVE-2022-24762 (sysend.js is a library that allows a user to send messages
between pag ...)
@@ -79665,7 +79665,7 @@ CVE-2022-24754 (PJSIP is a free and open source
multimedia communication library
{DLA-2962-1}
- asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed> (bug #1014998)
+ - ring 20230206.0~ds1-1 (bug #1014998)
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662
NOTE:
https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47
CVE-2022-24753 (Stripe CLI is a command-line tool for the Stripe eCommerce
platform. A ...)
@@ -83917,7 +83917,7 @@ CVE-2022-23608 (PJSIP is a free and open source
multimedia communication library
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed> (bug #1014998)
+ - ring 20230206.0~ds1-1 (bug #1014998)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29945
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-005.html
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62
@@ -96332,7 +96332,7 @@ CVE-2022-21723 (PJSIP is a free and open source
multimedia communication library
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed> (bug #1014998)
+ - ring 20230206.0~ds1-1 (bug #1014998)
[stretch] - ring <not-affected> (Vulnerable code not present)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29945
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-006.html
@@ -96343,7 +96343,7 @@ CVE-2022-21722 (PJSIP is a free and open source
multimedia communication library
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed> (bug #1014998)
+ - ring 20230206.0~ds1-1 (bug #1014998)
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36
NOTE:
https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a
CVE-2022-21721 (Next.js is a React framework. Starting with version 12.0.0 and
prior t ...)
@@ -96891,7 +96891,7 @@ CVE-2021-43845 (PJSIP is a free and open source
multimedia communication library
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed> (bug #1014998)
+ - ring 20230206.0~ds1-1 (bug #1014998)
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh
NOTE:
https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859
NOTE: https://github.com/pjsip/pjproject/pull/2924
@@ -96996,7 +96996,7 @@ CVE-2021-43804 (PJSIP is a free and open source
multimedia communication library
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed> (bug #1014998)
+ - ring 20230206.0~ds1-1 (bug #1014998)
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9
NOTE:
https://github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e
CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to
12.0.5 o ...)
@@ -99369,7 +99369,7 @@ CVE-2021-43303 (Buffer overflow in PJSUA API when
calling pjsua_call_dump. An at
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed> (bug #1014998)
+ - ring 20230206.0~ds1-1 (bug #1014998)
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling
pjsua_recorder_create. An ...)
@@ -99377,7 +99377,7 @@ CVE-2021-43302 (Read out-of-bounds in PJSUA API when
calling pjsua_recorder_crea
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed> (bug #1014998)
+ - ring 20230206.0~ds1-1 (bug #1014998)
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43301 (Stack overflow in PJSUA API when calling
pjsua_playlist_create. An att ...)
@@ -99385,7 +99385,7 @@ CVE-2021-43301 (Stack overflow in PJSUA API when
calling pjsua_playlist_create.
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed> (bug #1014998)
+ - ring 20230206.0~ds1-1 (bug #1014998)
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43300 (Stack overflow in PJSUA API when calling
pjsua_recorder_create. An att ...)
@@ -99393,7 +99393,7 @@ CVE-2021-43300 (Stack overflow in PJSUA API when
calling pjsua_recorder_create.
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed> (bug #1014998)
+ - ring 20230206.0~ds1-1 (bug #1014998)
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create.
An attac ...)
@@ -99401,7 +99401,7 @@ CVE-2021-43299 (Stack overflow in PJSUA API when
calling pjsua_player_create. An
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed> (bug #1014998)
+ - ring 20230206.0~ds1-1 (bug #1014998)
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE:
https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43298 (The code that performs password matching when using 'Basic'
HTTP authe ...)
@@ -116142,7 +116142,7 @@ CVE-2021-37706 (PJSIP is a free and open source
multimedia communication library
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed> (bug #1014998)
+ - ring 20230206.0~ds1-1 (bug #1014998)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29945
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-004.html
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984
@@ -128428,7 +128428,7 @@ CVE-2021-32686 (PJSIP is a free and open source
multimedia communication library
- asterisk 1:16.16.1~dfsg-2 (bug #991931)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed> (bug #1014998)
+ - ring 20230206.0~ds1-1 (bug #1014998)
NOTE: https://downloads.asterisk.org/pub/security/AST-2021-009.html
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr
NOTE:
https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c86397460b5f6b89f3320c96374e950666b020c5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c86397460b5f6b89f3320c96374e950666b020c5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
