[Git][security-tracker-team/security-tracker][master] CVE-2025-49832/asterisk does not affect bullseye

Adrian Bunk (@bunk) bunk at debian.org
Fri Aug 8 16:31:49 BST 2025 


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aba7cefa by Adrian Bunk at 2025-08-08T18:30:33+03:00
CVE-2025-49832/asterisk does not affect bullseye

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1493,7 +1493,12 @@ CVE-2025-4684 (The BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines,
 	NOT-FOR-US: WordPress plugin
 CVE-2025-49832 (Asterisk is an open source private branch exchange and telephony toolk ...)
 	- asterisk 1:22.5.1~dfsg+~cs6.15.60671435-1 (bug #1110317)
+	[bullseye] - asterisk <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr
+	NOTE: Introduced by: https://github.com/asterisk/asterisk/commit/628f8d7a43517e5da5becda33471dc2c44841bb6 (22.0.0-pre1)
+	NOTE: Earliest version with backport of the vulnerable code is 18.22.0-rc1
+	NOTE: Fixed by: https://github.com/asterisk/asterisk/commit/723410e3126e2d6a6a05e89cdf0cb23f4556af3a (master)
+	NOTE: Fixed by: https://github.com/asterisk/asterisk/commit/f8c6ad7916a9d233eb9e685365132e0435535216 (22.5.1)
 CVE-2025-48074 (OpenEXR provides the specification and reference implementation of the ...)
 	- openexr <unfixed> (bug #1110261)
 	[bookworm] - openexr <no-dsa> (Minor issue)


=====================================
data/dla-needed.txt
=====================================
@@ -47,9 +47,6 @@ apache2 (rouca)
   NOTE: 20250714: Try to find fixes on github repo (rouca)
   NOTE: 20250729: AWX load balancer broken by security fixes. Will wait a little bit (rouca)
 --
-asterisk
-  NOTE: 20250808: Added by Front-Desk (rouca)
---
 busybox
   NOTE: 20250425: Added by Front-Desk (rouca)
   NOTE: 20250519: Asked maintainers about any pending work and offered help.  (spwhitton)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aba7cefadc5a14bf29110f1ddc0132113d4738dc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aba7cefadc5a14bf29110f1ddc0132113d4738dc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250808/3e95623c/attachment.htm>

More information about the debian-security-tracker-commits mailing list