[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2022-3697 in ansible for buster LTS.
Chris Lamb (@lamby)
lamby at debian.org
Thu Dec 8 07:09:50 GMT 2022
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5af74a12 by Chris Lamb at 2022-12-08T07:07:45+00:00
Triage CVE-2022-3697 in ansible for buster LTS.
- - - - -
f66b5e08 by Chris Lamb at 2022-12-08T07:08:37+00:00
Triage CVE-2022-37325, CVE-2022-42705 & CVE-2022-42706 in asterisk for buster LTS.
- - - - -
daa2a2d3 by Chris Lamb at 2022-12-08T07:09:08+00:00
Triage CVE-2022-46149 in capnproto for buster LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1960,6 +1960,7 @@ CVE-2022-46149 (Cap'n Proto is a data interchange format and remote procedure ca
[experimental] - capnproto 0.9.2-1
- capnproto 0.9.2-2
[bullseye] - capnproto <no-dsa> (Breaks API and requires rebuilds, possibly via point release)
+ [buster] - capnproto <no-dsa> (Minor issue; breaks API)
- rust-capnp <unfixed>
NOTE: https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx
NOTE: https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9
@@ -11153,6 +11154,7 @@ CVE-2022-3698
CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when using th ...)
- ansible 7.0.0+dfsg-1
[bullseye] - ansible <no-dsa> (Minor issue)
+ [buster] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137664
NOTE: https://github.com/ansible-collections/amazon.aws/pull/1199
CVE-2022-3696 (A post-auth code injection vulnerability allows admins to execute code ...)
@@ -14242,11 +14244,13 @@ CVE-2022-42707 (In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 befo
CVE-2022-42706 (An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 t ...)
- asterisk <unfixed>
[bullseye] - asterisk <no-dsa> (Minor issue)
+ [buster] - asterisk <no-dsa> (Minor issue)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30176
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-009.html
CVE-2022-42705 (A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.1 ...)
- asterisk <unfixed>
[bullseye] - asterisk <no-dsa> (Minor issue)
+ [buster] - asterisk <no-dsa> (Minor issue)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30244
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-008.html
CVE-2022-42704
@@ -28318,6 +28322,7 @@ CVE-2022-37326
CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, an ...)
- asterisk <unfixed>
[bullseye] - asterisk <no-dsa> (Minor issue)
+ [buster] - asterisk <no-dsa> (Minor issue)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30103
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-007.html
CVE-2022-37324
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/601bb231f4599d95d3e6f66caaba546aa4e522b3...daa2a2d3414c0a7e28bd230ad44698772d411b56
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/601bb231f4599d95d3e6f66caaba546aa4e522b3...daa2a2d3414c0a7e28bd230ad44698772d411b56
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221208/093732f4/attachment.htm>
More information about the debian-security-tracker-commits
mailing list