[Git][security-tracker-team/security-tracker][master] pjproject not embedded in stretch suite's asterisk

Abhijith PA (@abhijith) abhijith at debian.org
Mon Apr 4 15:31:06 BST 2022 


Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a59aabb9 by Abhijith PA at 2022-04-04T19:59:55+05:30
pjproject not embedded in stretch suite's asterisk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14461,6 +14461,7 @@ CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Wi
 CVE-2022-23608 (PJSIP is a free and open source multimedia communication library writt ...)
 	{DLA-2962-1}
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29945
@@ -26463,6 +26464,7 @@ CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC Driver. A security hole wa
 CVE-2022-21723 (PJSIP is a free and open source multimedia communication library writt ...)
 	{DLA-2962-1}
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
 	[stretch] - ring <not-affected> (Vulnerable code not present)
@@ -26473,6 +26475,7 @@ CVE-2022-21723 (PJSIP is a free and open source multimedia communication library
 CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...)
 	{DLA-2962-1}
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36
@@ -26997,6 +27000,7 @@ CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-
 CVE-2021-43845 (PJSIP is a free and open source multimedia communication library. In v ...)
 	{DLA-2962-1}
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh
@@ -27101,6 +27105,7 @@ CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails
 CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...)
 	{DLA-2962-1}
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9
@@ -29336,6 +29341,7 @@ CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec when
 CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...)
 	{DLA-2962-1}
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
@@ -29343,6 +29349,7 @@ CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An at
 CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...)
 	{DLA-2962-1}
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
@@ -29350,6 +29357,7 @@ CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_crea
 CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...)
 	{DLA-2962-1}
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
@@ -29357,6 +29365,7 @@ CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create.
 CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...)
 	{DLA-2962-1}
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
@@ -29364,6 +29373,7 @@ CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create.
 CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...)
 	{DLA-2962-1}
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
@@ -45608,6 +45618,7 @@ CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to
 CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...)
 	{DLA-2962-1}
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29945



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a59aabb947e74214bb2cf4c33c950defd316310d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a59aabb947e74214bb2cf4c33c950defd316310d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220404/e70e6dac/attachment.htm>

More information about the debian-security-tracker-commits mailing list