[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Dec 7 19:14:01 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7273a8db by Moritz Muehlenhoff at 2022-12-07T20:11:47+01:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1892,6 +1892,7 @@ CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to versio
 CVE-2022-46149 (Cap'n Proto is a data interchange format and remote procedure call (RP ...)
 	[experimental] - capnproto 0.9.2-1
 	- capnproto <unfixed>
+	[bullseye] - capnproto <no-dsa> (Breaks API and requires rebuilds, possibly via point release)
 	- rust-capnp <unfixed>
 	NOTE: https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx
 	NOTE: https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9
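Review bot: The added `[bullseye] - capnproto <no-dsa>` line triages only capnproto, while `- rust-capnp <unfixed>` directly below it gets no bullseye entry in this hunk. If rust-capnp is also shipped in bullseye it needs its own triage line. Since the reason already anticipates a point release, it would also help to say which packages need the rebuilds.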
@@ -11084,6 +11085,7 @@ CVE-2022-3698
 	RESERVED
 CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when using th ...)
 	- ansible 7.0.0+dfsg-1
+	[bullseye] - ansible <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137664
 	NOTE: https://github.com/ansible-collections/amazon.aws/pull/1199
 CVE-2022-3696 (A post-auth code injection vulnerability allows admins to execute code ...)
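Review bot: The `(Minor issue)` reason on the added ansible line does not record that the flaw is in the amazon.aws collection, which is what the CVE description and the linked pull request both point at. Naming the collection in the parentheses would let bullseye users see at a glance whether they are exposed.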
@@ -11545,6 +11547,7 @@ CVE-2022-3651
 CVE-2022-3650 [ceph-crash.service allows local ceph user to root exploit]
 	RESERVED
 	- ceph 16.2.10+ds-4 (bug #1024932)
+	[bullseye] - ceph <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/1
 	NOTE: https://tracker.ceph.com/issues/57967
 	NOTE: https://github.com/ceph/ceph/pull/48713
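Review bot: `(Minor issue)` on the added ceph line sits under an entry titled "ceph-crash.service allows local ceph user to root exploit", and the reason does not say why a local escalation to root counts as minor. Suggest stating the precondition in the parentheses, for instance that the attacker must already control the ceph user, so the no-dsa decision can be checked later without rereading the oss-security post.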
@@ -14171,10 +14174,12 @@ CVE-2022-42707 (In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 befo
 	- mahara <removed>
 CVE-2022-42706 (An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 t ...)
 	- asterisk <unfixed>
+	[bullseye] - asterisk <no-dsa> (Minor issue)
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30176
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-009.html
 CVE-2022-42705 (A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.1 ...)
 	- asterisk <unfixed>
+	[bullseye] - asterisk <no-dsa> (Minor issue)
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30244
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-008.html
 CVE-2022-42704
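Review bot: Both added asterisk lines carry the same `(Minor issue)` reason, including the one under CVE-2022-42705, which the description gives as a use-after-free in res_pjsip_pubsub.c. A few words on what limits the impact there would make the decision reviewable without opening AST-2022-008.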
@@ -22630,6 +22635,7 @@ CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table o
 	NOT-FOR-US: DiscoTOC Discourse theme
 CVE-2022-39269 (PJSIP is a free and open source multimedia communication library writt ...)
 	- asterisk <unfixed>
+	[bullseye] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-wx5m-cj97-4wwg
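Review bot: The added `<not-affected>` line settles bullseye for asterisk only, and `- ring <unfixed>` two lines further down is left without a bullseye entry. If ring in bullseye carries the same PJSIP code it needs its own line, either the same not-affected marking or a separate decision.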
@@ -22726,6 +22732,7 @@ CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repos
 	NOT-FOR-US: Makedeb Mist
 CVE-2022-39244 (PJSIP is a free and open source multimedia communication library writt ...)
 	- asterisk <unfixed>
+	[bullseye] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj
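Review bot: `(Vulnerable code not present)` on the added asterisk line has no supporting NOTE, and the only reference in the entry is the upstream advisory. A NOTE naming the change or version that introduced the vulnerable code would let someone verify the not-affected claim against the bullseye source.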
@@ -28243,6 +28250,7 @@ CVE-2022-37326
 	RESERVED
 CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, an ...)
 	- asterisk <unfixed>
+	[bullseye] - asterisk <no-dsa> (Minor issue)
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30103
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-007.html
 CVE-2022-37324


=====================================
data/dsa-needed.txt
=====================================
@@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source package.
 
+--
+cacti
 --
 frr
 --
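Review bot: The new `cacti` entry is added without a release suffix, although the context line just above says to specify the release with a slash after the source package name when needed. The commit message is "bullseye triage", so if the update is only wanted for bullseye the entry should say so. No cacti line changes in data/CVE/list in this commit, so a pointer to the issue that prompted the entry would help whoever picks it up.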



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7273a8dbf6549ed1189d224452d086414a70109b
