[Git][security-tracker-team/security-tracker][master] python2.7, asterisk fixed

Moritz Muehlenhoff jmm at debian.org
Mon Nov 25 10:44:42 GMT 2019 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31ac26f4 by Moritz Muehlenhoff at 2019-11-25T10:44:14Z
python2.7, asterisk fixed
asterisk no-dsa

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -588,10 +588,12 @@ CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middlewa
 CVE-2019-18977
 	RESERVED
 CVE-2019-18976 (An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through ...)
-	- asterisk <unfixed>
+	- asterisk 1:16.1.1~dfsg-1
+	[buster] - asterisk <no-dsa> (Minor issue)
+	[stretch] - asterisk <no-dsa> (Minor issue)
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-008.html
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28612
-	TODO: check, the advisory mentions only 13.x beeing affected, this needs to be verified
+	NOTE: Only affects 13.x, marking first unstable upload after 13.x as fixed
 CVE-2019-18975
 	RESERVED
 CVE-2019-18974
@@ -1050,6 +1052,8 @@ CVE-2019-18791
 	RESERVED
 CVE-2019-18790 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13. ...)
 	- asterisk <unfixed>
+	[buster] - asterisk <no-dsa> (Minor issue)
+	[stretch] - asterisk <no-dsa> (Minor issue)
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-006.html
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28589
 CVE-2019-18789
@@ -3628,6 +3632,8 @@ CVE-2019-18611 (An issue was discovered in the CheckUser extension through 1.34
 	NOT-FOR-US: CheckUser MediaWiki extension
 CVE-2019-18610 (An issue was discovered in manager.c in Sangoma Asterisk through 13.x, ...)
 	- asterisk <unfixed>
+	[buster] - asterisk <no-dsa> (Minor issue)
+	[stretch] - asterisk <no-dsa> (Minor issue)
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-007.html
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28580
 CVE-2019-18609
@@ -8737,7 +8743,7 @@ CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x t
 	- python3.5 <removed>
 	- python3.4 <removed>
 	[jessie] - python3.4 <ignored> (Minor Issue, XSS in an unlikely use-case)
-	- python2.7 <unfixed>
+	- python2.7 2.7.17~rc1-1
 	[buster] - python2.7 2.7.16-2+deb10u1
 	[stretch] - python2.7 <no-dsa> (Minor issue)
 	[jessie] - python2.7 <ignored> (Minor Issue, XSS in an unlikely use-case)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/31ac26f4c91dcb8d2639e3fd4a29d8c5f50e5728

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/31ac26f4c91dcb8d2639e3fd4a29d8c5f50e5728
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191125/e70d2b08/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list