[Git][security-tracker-team/security-tracker][master] two asterisk issues not actually fixed in latest upload to sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Dec 9 11:20:00 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6ecfa46e by Moritz Muehlenhoff at 2022-12-09T12:19:03+01:00
two asterisk issues not actually fixed in latest upload to sid
add commit references
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14460,12 +14460,14 @@ CVE-2022-42706 (An issue was discovered in Sangoma Asterisk through 16.28, 17 an
[buster] - asterisk <no-dsa> (Minor issue)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30176
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-009.html
+ NOTE: https://git.asterisk.org/gitweb/?p=asterisk/asterisk.git;a=commit;h=81f10e847efdbe8ec264062ee234e1098c29b3f6
CVE-2022-42705 (A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.1 ...)
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
[bullseye] - asterisk <no-dsa> (Minor issue)
[buster] - asterisk <no-dsa> (Minor issue)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30244
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-008.html
+ NOTE: https://git.asterisk.org/gitweb/?p=asterisk/asterisk.git;a=commit;h=7684c9e907fb85f5c58b025d9e385ad2600f12a2
CVE-2022-42704
RESERVED
CVE-2022-3437 [Buffer overflow in Heimdal unwrap_des3()]
@@ -23026,7 +23028,7 @@ CVE-2022-39246 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to vers
CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repository. ...)
NOT-FOR-US: Makedeb Mist
CVE-2022-39244 (PJSIP is a free and open source multimedia communication library writt ...)
- - asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
+ - asterisk <unfixed>
[bullseye] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- ring <unfixed>
@@ -45776,7 +45778,7 @@ CVE-2022-31033 (The Mechanize library is used for automating interaction with we
CVE-2022-31032 (Tuleap is a Free & Open Source Suite to improve management of soft ...)
NOT-FOR-US: Tuleap
CVE-2022-31031 (PJSIP is a free and open source multimedia communication library writt ...)
- - asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 (bug #1017004)
+ - asterisk <unfixed> (bug #1017004)
- pjproject <removed>
- ring <unfixed> (bug #1017005)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ecfa46e32ac2dc1242bff5e2f1e4baed8d11331
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ecfa46e32ac2dc1242bff5e2f1e4baed8d11331
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221209/0cefc7f4/attachment.htm>
More information about the debian-security-tracker-commits
mailing list