[Git][security-tracker-team/security-tracker][master] new asterisk/ring issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Apr 12 19:23:52 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
872d5a0f by Moritz Muehlenhoff at 2023-04-12T20:23:25+02:00
new asterisk/ring issue
new libyang issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8546,7 +8546,11 @@ CVE-2023-27586 (CairoSVG is an SVG converter based on Cairo, a 2D graphics libra
 	NOTE: https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv
 	NOTE: Introduced in https://github.com/Kozea/CairoSVG/commit/1ee0889f4015ebaddcf9976d43222e673155797c (0.3)
 CVE-2023-27585 (PJSIP is a free and open source multimedia communication library writt ...)
-	TODO: check
+	- asterisk <unfixed>
+	- ring <unfixed>
+	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr
+	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4
+	NOTE: https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5
 CVE-2023-27584
 	RESERVED
 CVE-2023-27583 (PanIndex is a network disk directory index. In Panindex prior to versi ...)
@@ -10314,7 +10318,8 @@ CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox
 CVE-2023-26918
 	RESERVED
 CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
-	TODO: check
+	- libyang2 <unfixed>
+	NOTE: https://github.com/CESNET/libyang/issues/1987
 CVE-2023-26916 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
 	- libyang2 <unfixed> (bug #1034154)
 	NOTE: https://github.com/CESNET/libyang/issues/1979



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/872d5a0f45c14ee49e0d4fdb9d34683aab335bb6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/872d5a0f45c14ee49e0d4fdb9d34683aab335bb6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230412/673bdc39/attachment.htm>

More information about the debian-security-tracker-commits mailing list