[Git][security-tracker-team/security-tracker][master] Track more fixes for ring via unstable upload

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 8 07:38:09 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0107bea1 by Salvatore Bonaccorso at 2023-02-08T08:37:32+01:00
Track more fixes for ring via unstable upload

Thanks: Amin Bandali

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38153,7 +38153,7 @@ CVE-2022-39269 (PJSIP is a free and open source multimedia communication library
 	- asterisk <unfixed>
 	[bullseye] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring 20230206.0~ds1-1
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-wx5m-cj97-4wwg
 	NOTE: https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc
 CVE-2022-39268 (### Impact In a CSRF attack, an innocent end user is tricked by an att ...)
@@ -38250,7 +38250,7 @@ CVE-2022-39244 (PJSIP is a free and open source multimedia communication library
 	- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
 	[bullseye] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed>
+	- ring 20230206.0~ds1-1
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj
 	NOTE: https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae
 CVE-2022-39243 (NuProcess is an external process execution implementation for Java. In ...)
@@ -79511,7 +79511,7 @@ CVE-2022-24792 (PJSIP is a free and open source multimedia communication library
 	- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
-	- ring <unfixed> (unimportant)
+	- ring 20230206.0~ds1-1 (unimportant)
 	NOTE: code is present in ring but ring only uses the pjsip code, not pjmedia
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799
 	NOTE: https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213
@@ -79538,7 +79538,7 @@ CVE-2022-24786 (PJSIP is a free and open source multimedia communication library
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	[stretch] - pjproject <not-affected> (Vulnerable code not present)
-	- ring <unfixed> (unimportant)
+	- ring 20230206.0~ds1-1 (unimportant)
 	NOTE: code is present in ring but ring only uses the pjsip code, not pjmedia
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q
 	NOTE: https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508
@@ -84074,13 +84074,13 @@ CVE-2022-23548 (Discourse is an option source discussion platform. Prior to vers
 	NOT-FOR-US: Discourse
 CVE-2022-23537 (PJSIP is a free and open source multimedia communication library writt ...)
 	- asterisk <unfixed>
-	- ring <unfixed>
+	- ring 20230206.0~ds1-1
 	- pjproject <removed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
 	NOTE: https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
 CVE-2022-23547 (PJSIP is a free and open source multimedia communication library writt ...)
 	- asterisk <unfixed>
-	- ring <unfixed>
+	- ring 20230206.0~ds1-1
 	- pjproject <removed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
 	NOTE: https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0107bea103fdfb40c13a741214ee2ca577e51d40

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0107bea103fdfb40c13a741214ee2ca577e51d40
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230208/eb976f7d/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list