[Git][security-tracker-team/security-tracker][master] Update notes for CVE-2019-18790 and CVE-2019-18351 for asterisk
Salvatore Bonaccorso
carnil at debian.org
Sat Mar 13 20:27:40 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e54e9076 by Salvatore Bonaccorso at 2021-03-13T21:26:46+01:00
Update notes for CVE-2019-18790 and CVE-2019-18351 for asterisk
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -97998,6 +97998,9 @@ CVE-2019-18790 (An issue was discovered in channels/chan_sip.c in Sangoma Asteri
[stretch] - asterisk <no-dsa> (Minor issue)
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-006.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28589
+ NOTE: Technically CVE-2019-18790 exists because of an incomplete fix of CVE-2019-18351, both
+ NOTE: referring to AST-2019-006. The upstream advisory never used though CVE-2019-18351, but
+ NOTE: only referenced CVE-2019-18790.
CVE-2019-18789
RESERVED
CVE-2019-18788
@@ -101477,7 +101480,11 @@ CVE-2019-18353
CVE-2019-18352 (Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices ...)
NOT-FOR-US: PHOENIX CONTACT FL NAT 2208 devices
CVE-2019-18351 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk thr ...)
- TODO: check
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2019-006.html
+ NOTE: Technically CVE-2019-18790 exists because of an incomplete fix of CVE-2019-18351, both
+ NOTE: referring to AST-2019-006. The upstream advisory never used though CVE-2019-18351, but
+ NOTE: only referenced CVE-2019-18790. CVE-2019-18351 only got picked up later on.
+ TODO: check with MITRE if CVE-2019-18351 simply should be dropped
CVE-2019-18350 (In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET ...)
NOT-FOR-US: Ant Design Pro
CVE-2019-18349 (HotkeyP through 4.9 r96 allows privilege escalation in the privilege f ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e54e90769e80057ca5469ac296d0f38d58207011
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e54e90769e80057ca5469ac296d0f38d58207011
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210313/8544ce94/attachment.htm>
More information about the debian-security-tracker-commits
mailing list