[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-23608/asterisk <unfixed>
Neil Williams (@codehelp)
codehelp at debian.org
Wed Feb 23 11:40:53 GMT 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
83a65c1c by Neil Williams at 2022-02-23T11:13:41+00:00
CVE-2022-23608/asterisk <unfixed>
* Vulnerable code present in asterisk in unstable
* Vulnerable function(s) found in asterisk shared object symbols
- - - - -
f2b50ab8 by Neil Williams at 2022-02-23T11:40:20+00:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6529,7 +6529,7 @@ CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.
NOTE: https://github.com/PrismJS/prism/pull/3341
NOTE: https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c (v1.27.0)
CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...)
- TODO: check
+ NOT-FOR-US: next.js
CVE-2022-23645 (swtpm is a libtpms-based TPM emulator with socket, character device, a ...)
- swtpm 0.7.1-1
NOTE: https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw
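Review bot: The added `NOT-FOR-US: next.js` line spells the product in lower case, while the CVE description directly above it reads "Next.js" and the other NOT-FOR-US entries visible in this diff (iTunesRPC-Remastered, Jupyter Server Proxy) follow the description's spelling. Suggest `NOT-FOR-US: Next.js` here and in the CVE-2022-21721 entry so the entries stay consistent and searchable.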
@@ -6628,10 +6628,11 @@ CVE-2022-23610
CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
NOT-FOR-US: iTunesRPC-Remastered
CVE-2022-23608 (PJSIP is a free and open source multimedia communication library writt ...)
+ - asterisk <unfixed>
- pjproject <removed>
+ - ring <unfixed>
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62
NOTE: https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f
- TODO: check if it has security impact for asterisk/ring
CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top of Twi ...)
- python-treq <unfixed> (bug #1005041)
NOTE: https://github.com/twisted/treq/security/advisories/GHSA-fhpf-pp6p-55qc
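Review bot: The added `- ring <unfixed>` line under CVE-2022-23608 has no recorded basis. The commit message documents only the asterisk finding (vulnerable code in unstable, vulnerable functions in the shared object symbols), yet the removed `TODO: check if it has security impact for asterisk/ring` covered both packages. Suggest either a NOTE line stating how ring was confirmed affected, or keeping a TODO for ring until that check is done. The asterisk evidence from the commit message would also be better preserved as a NOTE in the entry itself, so it is visible in the tracker and not only in the git history.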
@@ -18472,7 +18473,7 @@ CVE-2022-21722 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36
NOTE: https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a
CVE-2022-21721 (Next.js is a React framework. Starting with version 12.0.0 and prior t ...)
- TODO: check
+ NOT-FOR-US: next.js
CVE-2022-21720 (GLPI is a free asset and IT management software package. Prior to vers ...)
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
@@ -18545,7 +18546,7 @@ CVE-2022-21698 (client_golang is the instrumentation library for Go applications
NOTE: https://github.com/prometheus/client_golang/pull/962
NOTE: https://github.com/prometheus/client_golang/pull/987
CVE-2022-21697 (Jupyter Server Proxy is a Jupyter notebook server extension to proxy w ...)
- TODO: check
+ NOT-FOR-US: Jupyter Server Proxy
CVE-2022-21696 (OnionShare is an open source tool that lets you securely and anonymous ...)
- onionshare <unfixed>
NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-68vr-8f46-vc9f
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7cc1e374cbca04e30cae9a50fb9111ba1abb97e7...f2b50ab86c38c74cbdedaac2ccf0a3f23e2df20b