[Git][security-tracker-team/security-tracker][master] Reserve DLA-2962-1 for pjproject

Mon Mar 28 11:16:08 BST 2022


Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc78f230 by Abhijith PA at 2022-03-28T15:45:41+05:30
Reserve DLA-2962-1 for pjproject

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -56119,7 +56119,6 @@ CVE-2021-32686 (PJSIP is a free and open source multimedia communication library
 	- asterisk 1:16.16.1~dfsg-2 (bug #991931)
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	[stretch] - pjproject <no-dsa> (Minor issue; https://people.debian.org/~abhijith/upload/CVE-2021-32686.patch)
 	- ring <unfixed>
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2021-009.html
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Mar 2022] DLA-2962-1 pjproject - security update
+	{CVE-2021-32686 CVE-2021-37706 CVE-2021-41141 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2022-21722 CVE-2022-21723 CVE-2022-23608 CVE-2022-24754 CVE-2022-24764}
+	[stretch] - pjproject 2.5.5~dfsg-6+deb9u3
 [22 Mar 2022] DLA-2961-1 thunderbird - security update
 	{CVE-2022-26381 CVE-2022-26383 CVE-2022-26384 CVE-2022-26386 CVE-2022-26387}
 	[stretch] - thunderbird 1:91.7.0-2~deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -89,12 +89,6 @@ nvidia-graphics-drivers
    NOTE: 20220209: monitor nvidia-graphics-drivers-legacy-390xx for a potential
    NOTE: 20220209: backport (apo)
 --
-pjproject (Abhijith PA)
-  NOTE: 20211230: patch available for the no-dsa issue, check its NOTE (pochu)
-  NOTE: 20220215: Asterisk and ring have embedded copy of pjproject (abhijith)
-  NOTE: 20220302: uploading asterisk, ring and pjproject in one go (abhijith)
-  NOTE: 20220314: https://people.debian.org/~abhijith/upload/vda/pjproject_2.5.5~dfsg-6+deb9u3.dsc
---
 qemu (Emilio)
   NOTE: 20220320: Vulnerable function appears to be vhost_vsock_send_transport_reset.
   NOTE: 20220320: Consider looking into postponed issues (apo)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc78f2305d3be42d0d2477723dba3c10a9b0e2b2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc78f2305d3be42d0d2477723dba3c10a9b0e2b2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220328/8c2a0bca/attachment-0001.htm>
