Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits: cba9b4c7 by Abhijith PA at 2022-05-28T13:44:26+05:30 asterisk uses packaged libpjproject-dev - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -14649,6 +14649,7 @@ CVE-2022-26652 (NATS nats-server before 2.7.4 allows Directory Traversal (with w NOT-FOR-US: nats-server CVE-2022-26651 (An issue was discovered in Asterisk through 19.x and Certified Asteris ...) - asterisk 1:18.11.2~dfsg+~cs6.10.40431413-1 + [stretch] - asterisk <postponed> (Fix in next upload) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29838 NOTE: https://downloads.asterisk.org/pub/security/AST-2022-003.html CVE-2022-25943 (The installer of WPS Office for Windows versions prior to v11.2.0.1025 ...) @@ -19827,12 +19828,14 @@ CVE-2022-24794 (Express OpenID Connect is an Express JS middleware implementing NOT-FOR-US: Express OpenID Connect CVE-2022-24793 (PJSIP is a free and open source multimedia communication library writt ...) - asterisk <unfixed> + [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> - ring <unfixed> NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4 NOTE: https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a CVE-2022-24792 (PJSIP is a free and open source multimedia communication library writt ...) - asterisk <unfixed> + [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> - ring <unfixed> (unimportant) NOTE: code is present in ring but ring only uses the pjsip code, not pjmedia @@ -19857,6 +19860,7 @@ CVE-2022-24787 (Vyper is a Pythonic Smart Contract Language for the Ethereum Vir NOT-FOR-US: Vyper CVE-2022-24786 (PJSIP is a free and open source multimedia communication library writt ...) - asterisk <unfixed> + [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> - ring <unfixed> (unimportant) NOTE: code is present in ring but ring only uses the pjsip code, not pjmedia @@ -19946,12 +19950,14 @@ CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific pat CVE-2022-24764 (PJSIP is a free and open source multimedia communication library writt ...) {DLA-2962-1} - asterisk <unfixed> + [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <unfixed> - ring <unfixed> NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m NOTE: https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00 CVE-2022-24763 (PJSIP is a free and open source multimedia communication library writt ...) - asterisk <unfixed> + [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> [stretch] - pjproject <postponed> (Minor issue, infinite loop DoS) - ring <unfixed> @@ -19996,6 +20002,7 @@ CVE-2022-24755 (Bareos is open source software for backup, archiving, and recove CVE-2022-24754 (PJSIP is a free and open source multimedia communication library writt ...) {DLA-2962-1} - asterisk <unfixed> + [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> - ring <unfixed> NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662 ===================================== data/dla-needed.txt ===================================== @@ -19,9 +19,6 @@ rather than remove/replace existing ones. -- amd64-microcode -- -asterisk (Abhijith PA) - NOTE: 20220424: programming language C --- avahi NOTE: 20220523: Follow buster: harmonize with with Debian 10.9 (1 Debian-specific CVE) (Beuc/front-desk) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cba9b4c7d81d96c6b4faa53e998d20e24684ede3 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cba9b4c7d81d96c6b4faa53e998d20e24684ede3 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits