Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7273a8db by Moritz Muehlenhoff at 2022-12-07T20:11:47+01:00 bullseye triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1892,6 +1892,7 @@ CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to versio CVE-2022-46149 (Cap'n Proto is a data interchange format and remote procedure call (RP ...) [experimental] - capnproto 0.9.2-1 - capnproto <unfixed> + [bullseye] - capnproto <no-dsa> (Breaks API and requires rebuilds, possibly via point release) - rust-capnp <unfixed> NOTE: https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx NOTE: https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9 @@ -11084,6 +11085,7 @@ CVE-2022-3698 RESERVED CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when using th ...) - ansible 7.0.0+dfsg-1 + [bullseye] - ansible <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137664 NOTE: https://github.com/ansible-collections/amazon.aws/pull/1199 CVE-2022-3696 (A post-auth code injection vulnerability allows admins to execute code ...) @@ -11545,6 +11547,7 @@ CVE-2022-3651 CVE-2022-3650 [ceph-crash.service allows local ceph user to root exploit] RESERVED - ceph 16.2.10+ds-4 (bug #1024932) + [bullseye] - ceph <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/1 NOTE: https://tracker.ceph.com/issues/57967 NOTE: https://github.com/ceph/ceph/pull/48713 @@ -14171,10 +14174,12 @@ CVE-2022-42707 (In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 befo - mahara <removed> CVE-2022-42706 (An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 t ...) - asterisk <unfixed> + [bullseye] - asterisk <no-dsa> (Minor issue) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30176 NOTE: https://downloads.asterisk.org/pub/security/AST-2022-009.html CVE-2022-42705 (A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.1 ...) - asterisk <unfixed> + [bullseye] - asterisk <no-dsa> (Minor issue) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30244 NOTE: https://downloads.asterisk.org/pub/security/AST-2022-008.html CVE-2022-42704 @@ -22630,6 +22635,7 @@ CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table o NOT-FOR-US: DiscoTOC Discourse theme CVE-2022-39269 (PJSIP is a free and open source multimedia communication library writt ...) - asterisk <unfixed> + [bullseye] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> - ring <unfixed> NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-wx5m-cj97-4wwg @@ -22726,6 +22732,7 @@ CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repos NOT-FOR-US: Makedeb Mist CVE-2022-39244 (PJSIP is a free and open source multimedia communication library writt ...) - asterisk <unfixed> + [bullseye] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> - ring <unfixed> NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj @@ -28243,6 +28250,7 @@ CVE-2022-37326 RESERVED CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, an ...) - asterisk <unfixed> + [bullseye] - asterisk <no-dsa> (Minor issue) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30103 NOTE: https://downloads.asterisk.org/pub/security/AST-2022-007.html CVE-2022-37324 ===================================== data/dsa-needed.txt ===================================== @@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it. If needed, specify the release by adding a slash after the name of the source package. +-- +cacti -- frr -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7273a8dbf6549ed1189d224452d086414a70109b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7273a8dbf6549ed1189d224452d086414a70109b You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits