[Git][security-tracker-team/security-tracker][master] Track fixed version for asterik issues via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 8 22:06:11 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
24c1e3e4 by Salvatore Bonaccorso at 2022-12-08T23:02:21+01:00
Track fixed version for asterik issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14425,13 +14425,13 @@ CVE-2022-42708
CVE-2022-42707 (In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22. ...)
- mahara <removed>
CVE-2022-42706 (An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 t ...)
- - asterisk <unfixed>
+ - asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
[bullseye] - asterisk <no-dsa> (Minor issue)
[buster] - asterisk <no-dsa> (Minor issue)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30176
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-009.html
CVE-2022-42705 (A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.1 ...)
- - asterisk <unfixed>
+ - asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
[bullseye] - asterisk <no-dsa> (Minor issue)
[buster] - asterisk <no-dsa> (Minor issue)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30244
@@ -22996,7 +22996,7 @@ CVE-2022-39246 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to vers
CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repository. ...)
NOT-FOR-US: Makedeb Mist
CVE-2022-39244 (PJSIP is a free and open source multimedia communication library writt ...)
- - asterisk <unfixed>
+ - asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
[bullseye] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- ring <unfixed>
@@ -28514,7 +28514,7 @@ CVE-2022-37340
CVE-2022-37326
RESERVED
CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, an ...)
- - asterisk <unfixed>
+ - asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
[bullseye] - asterisk <no-dsa> (Minor issue)
[buster] - asterisk <no-dsa> (Minor issue)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30103
@@ -45746,7 +45746,7 @@ CVE-2022-31033 (The Mechanize library is used for automating interaction with we
CVE-2022-31032 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
NOT-FOR-US: Tuleap
CVE-2022-31031 (PJSIP is a free and open source multimedia communication library writt ...)
- - asterisk <unfixed> (bug #1017004)
+ - asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 (bug #1017004)
- pjproject <removed>
- ring <unfixed> (bug #1017005)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24c1e3e4adcd6baba68c7290dce270fbf02aa15c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/24c1e3e4adcd6baba68c7290dce270fbf02aa15c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221208/598b0bf9/attachment.htm>
More information about the debian-security-tracker-commits
mailing list