[Git][security-tracker-team/security-tracker][master] Update notes for CVE-2019-18790 and CVE-2019-18351 for asterisk

Salvatore Bonaccorso carnil at debian.org
Sat Mar 13 20:27:40 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e54e9076 by Salvatore Bonaccorso at 2021-03-13T21:26:46+01:00
Update notes for CVE-2019-18790 and CVE-2019-18351 for asterisk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -97998,6 +97998,9 @@ CVE-2019-18790 (An issue was discovered in channels/chan_sip.c in Sangoma Asteri
 	[stretch] - asterisk <no-dsa> (Minor issue)
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-006.html
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28589
+	NOTE: Technically CVE-2019-18790 exists because of an incomplete fix of CVE-2019-18351, both
+	NOTE: referring to AST-2019-006. The upstream advisory never used though CVE-2019-18351, but
+	NOTE: only referenced CVE-2019-18790.
 CVE-2019-18789
 	RESERVED
 CVE-2019-18788
@@ -101477,7 +101480,11 @@ CVE-2019-18353
 CVE-2019-18352 (Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices  ...)
 	NOT-FOR-US: PHOENIX CONTACT FL NAT 2208 devices
 CVE-2019-18351 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk thr ...)
-	TODO: check
+	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-006.html
+	NOTE: Technically CVE-2019-18790 exists because of an incomplete fix of CVE-2019-18351, both
+	NOTE: referring to AST-2019-006. The upstream advisory never used though CVE-2019-18351, but
+	NOTE: only referenced CVE-2019-18790. CVE-2019-18351 only got picked up later on.
+	TODO: check with MITRE if CVE-2019-18351 simply should be dropped
 CVE-2019-18350 (In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET  ...)
 	NOT-FOR-US: Ant Design Pro
 CVE-2019-18349 (HotkeyP through 4.9 r96 allows privilege escalation in the privilege f ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e54e90769e80057ca5469ac296d0f38d58207011

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e54e90769e80057ca5469ac296d0f38d58207011
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210313/8544ce94/attachment.htm>

More information about the debian-security-tracker-commits mailing list