[Git][security-tracker-team/security-tracker][master] asterisk uses packaged libpjproject-dev

Abhijith PA (@abhijith) abhijith at debian.org
Sat May 28 09:14:58 BST 2022



Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cba9b4c7 by Abhijith PA at 2022-05-28T13:44:26+05:30
asterisk uses packaged libpjproject-dev

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -14649,6 +14649,7 @@ CVE-2022-26652 (NATS nats-server before 2.7.4 allows Directory Traversal (with w
 	NOT-FOR-US: nats-server
 CVE-2022-26651 (An issue was discovered in Asterisk through 19.x and Certified Asteris ...)
 	- asterisk 1:18.11.2~dfsg+~cs6.10.40431413-1
+	[stretch] - asterisk <postponed> (Fix in next upload)
 	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29838
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2022-003.html
 CVE-2022-25943 (The installer of WPS Office for Windows versions prior to v11.2.0.1025 ...)
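Review bot: the reason on the added "[stretch] - asterisk <postponed>" line, "(Fix in next upload)", says when the fix will land but not why CVE-2022-26651 can wait. Other postponed entries in this file give the triage rationale, for example "(Minor issue, infinite loop DoS)" on the pjproject line under CVE-2022-24763; consider wording this one the same way if that is the assessment. This entry is also described as an Asterisk issue rather than a PJSIP one, so the commit subject "asterisk uses packaged libpjproject-dev" does not cover it and the message should mention it separately.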
@@ -19827,12 +19828,14 @@ CVE-2022-24794 (Express OpenID Connect is an Express JS middleware implementing
 	NOT-FOR-US: Express OpenID Connect
 CVE-2022-24793 (PJSIP is a free and open source multimedia communication library writt ...)
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
 	NOTE: https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a
 CVE-2022-24792 (PJSIP is a free and open source multimedia communication library writt ...)
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed> (unimportant)
 	NOTE: code is present in ring but ring only uses the pjsip code, not pjmedia
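Review bot: on the two added "[stretch] - asterisk <not-affected>" lines (CVE-2022-24793 and CVE-2022-24792), the reason "(Vulnerable code not present)" does not record the finding given in the commit subject, that stretch's asterisk uses the packaged libpjproject-dev. A reason that names the packaged library, or a NOTE line under each entry, would let a later reader see that the stretch exposure is tracked through pjproject rather than assume the code path was audited in asterisk and found absent.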
@@ -19857,6 +19860,7 @@ CVE-2022-24787 (Vyper is a Pythonic Smart Contract Language for the Ethereum Vir
 	NOT-FOR-US: Vyper
 CVE-2022-24786 (PJSIP is a free and open source multimedia communication library writt ...)
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed> (unimportant)
 	NOTE: code is present in ring but ring only uses the pjsip code, not pjmedia
@@ -19946,12 +19950,14 @@ CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific pat
 CVE-2022-24764 (PJSIP is a free and open source multimedia communication library writt ...)
 	{DLA-2962-1}
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <unfixed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
 	NOTE: https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
 CVE-2022-24763 (PJSIP is a free and open source multimedia communication library writt ...)
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	[stretch] - pjproject <postponed> (Minor issue, infinite loop DoS)
 	- ring <unfixed>
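Review bot: under CVE-2022-24763 the new "[stretch] - asterisk <not-affected>" line sits next to "[stretch] - pjproject <postponed> (Minor issue, infinite loop DoS)". If stretch's asterisk uses the packaged pjproject, as the commit subject says, it remains exposed to this issue at runtime until the postponed pjproject fix lands. A NOTE stating that dependency would keep the not-affected tag from being read as "asterisk on stretch is safe from this CVE".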
@@ -19996,6 +20002,7 @@ CVE-2022-24755 (Bareos is open source software for backup, archiving, and recove
 CVE-2022-24754 (PJSIP is a free and open source multimedia communication library writt ...)
 	{DLA-2962-1}
 	- asterisk <unfixed>
+	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662


=====================================
data/dla-needed.txt
=====================================
@@ -19,9 +19,6 @@ rather than remove/replace existing ones.
 --
 amd64-microcode
 --
-asterisk (Abhijith PA)
-  NOTE: 20220424: programming language C
---
 avahi
   NOTE: 20220523: Follow buster: harmonize with with Debian 10.9 (1 Debian-specific CVE) (Beuc/front-desk)
 --
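Review bot: the asterisk entry is dropped from dla-needed.txt, but the first hunk of this commit leaves CVE-2022-26651 on stretch as "<postponed> (Fix in next upload)" rather than not-affected. The commit message only mentions the libpjproject-dev finding; adding a line that the one remaining open issue is postponed, and that this is why no DLA is needed now, would make the removal self-explanatory in the log.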



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cba9b4c7d81d96c6b4faa53e998d20e24684ede3
