[Git][security-tracker-team/security-tracker][master] more asterisk issues fixed in sid

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jul 14 18:07:57 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c2d8fd94 by Moritz Muehlenhoff at 2022-07-14T19:07:27+02:00
more asterisk issues fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30889,8 +30889,7 @@ CVE-2022-24755 (Bareos is open source software for backup, archiving, and recove
 	NOTE: https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/
 CVE-2022-24754 (PJSIP is a free and open source multimedia communication library writt ...)
 	{DLA-2962-1}
-	- asterisk <unfixed>
-	[stretch] - asterisk <not-affected> (Vulnerable code not present)
+	- asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662
@@ -47420,7 +47419,7 @@ CVE-2022-21723 (PJSIP is a free and open source multimedia communication library
 	NOTE: https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896
 CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...)
 	{DLA-2962-1}
-	- asterisk <unfixed>
+	- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
@@ -47950,7 +47949,7 @@ CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-
 	NOT-FOR-US: solidus_frontend
 CVE-2021-43845 (PJSIP is a free and open source multimedia communication library. In v ...)
 	{DLA-2962-1}
-	- asterisk <unfixed>
+	- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
@@ -48055,7 +48054,7 @@ CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails
 	NOT-FOR-US: Solidus
 CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...)
 	{DLA-2962-1}
-	- asterisk <unfixed>
+	- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
@@ -50373,7 +50372,7 @@ CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec when
 	NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
 CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...)
 	{DLA-2962-1}
-	- asterisk <unfixed>
+	- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
@@ -50381,7 +50380,7 @@ CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An at
 	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...)
 	{DLA-2962-1}
-	- asterisk <unfixed>
+	- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
@@ -50389,7 +50388,7 @@ CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_crea
 	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...)
 	{DLA-2962-1}
-	- asterisk <unfixed>
+	- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
@@ -50397,7 +50396,7 @@ CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create.
 	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...)
 	{DLA-2962-1}
-	- asterisk <unfixed>
+	- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
@@ -50405,7 +50404,7 @@ CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create.
 	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...)
 	{DLA-2962-1}
-	- asterisk <unfixed>
+	- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2d8fd9402d6ea16308b27a94dd87343eb400787

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c2d8fd9402d6ea16308b27a94dd87343eb400787
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220714/93968d65/attachment.htm>

More information about the debian-security-tracker-commits mailing list