[Git][security-tracker-team/security-tracker][master] Add CVE-2025-54995/asterisk

Thu Aug 28 21:53:49 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
180397a0 by Salvatore Bonaccorso at 2025-08-28T22:53:16+02:00
Add CVE-2025-54995/asterisk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -110,7 +110,12 @@ CVE-2025-55583 (D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains
 CVE-2025-55175 (QuickCMS is vulnerable to Reflected XSS via sLangEditparameter in admi ...)
 	NOT-FOR-US: QuickCMS
 CVE-2025-54995 (Asterisk is an open source private branch exchange and telephony toolk ...)
-	TODO: check
+	- asterisk 1:22.2.0~dfsg+~cs6.15.60671435-1
+	NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2
+	NOTE: https://github.com/asterisk/asterisk/pull/1405
+	NOTE: https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d
+	NOTE: 1:22.2.0~dfsg+~cs6.15.60671435-1 is the first version in unstable updating
+	NOTE: the bundled pjproject to 2.15.1.
 CVE-2025-54819 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
 	NOT-FOR-US: SS1
 CVE-2025-54762 (SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allo ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/180397a04860f90864660457f214f3668fc35d4e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/180397a04860f90864660457f214f3668fc35d4e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250828/7fe0c898/attachment.htm>
