[Git][security-tracker-team/security-tracker][master] CVE-2022-24754 asterisk & ring both enable the vulnerable hashed digest code

[Neil Williams (@codehelp)]

Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
385c80e0 by Neil Williams at 2022-04-26T08:39:32+01:00
CVE-2022-24754 asterisk & ring both enable the vulnerable hashed digest code

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13830,10 +13830,11 @@ CVE-2022-24755 (Bareos is open source software for backup, archiving, and recove
 	NOTE: https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/
 CVE-2022-24754 (PJSIP is a free and open source multimedia communication library writt ...)
 	{DLA-2962-1}
+	- asterisk <unfixed>
 	- pjproject <removed>
+	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662
 	NOTE: https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47
-	TODO: check impact on src:asterisk and src:ring
 CVE-2022-24753 (Stripe CLI is a command-line tool for the Stripe eCommerce platform. A ...)
 	NOT-FOR-US: Stripe CLI
 CVE-2022-24752 (SyliusGridBundle is a package of generic data grids for Symfony applic ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/385c80e0a3652c87af18eb14eadc35cfeb97b694

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/385c80e0a3652c87af18eb14eadc35cfeb97b694
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220426/352d7e89/attachment.htm>