[Git][security-tracker-team/security-tracker][master] Reserve DLA-3194-1 for asterisk

Thu Nov 17 11:22:35 GMT 2022


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc386a49 by Markus Koschany at 2022-11-17T12:22:29+01:00
Reserve DLA-3194-1 for asterisk

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Nov 2022] DLA-3194-1 asterisk - security update
+	{CVE-2021-37706 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2021-46837 CVE-2022-21722 CVE-2022-21723 CVE-2022-23608 CVE-2022-24763 CVE-2022-24764 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 CVE-2022-26498 CVE-2022-26499 CVE-2022-26651}
+	[buster] - asterisk 1:16.28.0~dfsg-0+deb10u1
 [17 Nov 2022] DLA-3193-1 joblib - security update
 	{CVE-2022-21797}
 	[buster] - joblib 0.13.0-2+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -20,16 +20,6 @@ android-platform-system-core
   NOTE: 20221102: Consider ignoring this if Debian Security team see the CVEs as minor. (ola)
   NOTE: 20221103: Both PoCs (CVE-2022-20128 & CVE-2022-3168) work for me in buster (Beuc/front-desk)
 --
-asterisk (Markus Koschany)
-  NOTE: 20220810: Programming language: C.
-  NOTE: 20220829: Ongoing triaging work. Maybe we should think about syncing
-  NOTE: 20220829: bullseye and buster. (apo)
-  NOTE: 20221002: Done. Will ask for a public review tomorrow though. (apo)
-  NOTE: 20221018: https://lists.debian.org/debian-lts/2022/10/msg00037.html
-  NOTE: 20221113: I intend to upload on 15.11.2022. I got positive feedback
-  NOTE: 20221113: from a Bullseye user and Asterisk's maintainer seemed okay
-  NOTE: 20221113: with it as well.
---
 ceph
   NOTE: 20221031: Programming language: C++.
   NOTE: 20221031: To be checked further. Not clear whether the vulnerability can be exploited in a Debian system.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc386a49c91f48b36493999ad155a500cbb56394

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc386a49c91f48b36493999ad155a500cbb56394
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221117/e0875bb3/attachment-0001.htm>
