Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7273a8db by Moritz Muehlenhoff at 2022-12-07T20:11:47+01:00
bullseye triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1892,6 +1892,7 @@ CVE-2022-46150 (Discourse is an open-source discussion
platform. Prior to versio
CVE-2022-46149 (Cap'n Proto is a data interchange format and remote procedure
call (RP ...)
[experimental] - capnproto 0.9.2-1
- capnproto <unfixed>
+ [bullseye] - capnproto <no-dsa> (Breaks API and requires rebuilds,
possibly via point release)
- rust-capnp <unfixed>
NOTE:
https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx
NOTE:
https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9
@@ -11084,6 +11085,7 @@ CVE-2022-3698
RESERVED
CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when
using th ...)
- ansible 7.0.0+dfsg-1
+ [bullseye] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137664
NOTE: https://github.com/ansible-collections/amazon.aws/pull/1199
CVE-2022-3696 (A post-auth code injection vulnerability allows admins to
execute code ...)
@@ -11545,6 +11547,7 @@ CVE-2022-3651
CVE-2022-3650 [ceph-crash.service allows local ceph user to root exploit]
RESERVED
- ceph 16.2.10+ds-4 (bug #1024932)
+ [bullseye] - ceph <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/1
NOTE: https://tracker.ceph.com/issues/57967
NOTE: https://github.com/ceph/ceph/pull/48713
@@ -14171,10 +14174,12 @@ CVE-2022-42707 (In Mahara 21.04 before 21.04.7, 21.10
before 21.10.5, 22.04 befo
- mahara <removed>
CVE-2022-42706 (An issue was discovered in Sangoma Asterisk through 16.28, 17
and 18 t ...)
- asterisk <unfixed>
+ [bullseye] - asterisk <no-dsa> (Minor issue)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30176
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-009.html
CVE-2022-42705 (A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk
16.28, 18.1 ...)
- asterisk <unfixed>
+ [bullseye] - asterisk <no-dsa> (Minor issue)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30244
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-008.html
CVE-2022-42704
@@ -22630,6 +22635,7 @@ CVE-2022-39270 (DiscoTOC is a Discourse theme component
that generates a table o
NOT-FOR-US: DiscoTOC Discourse theme
CVE-2022-39269 (PJSIP is a free and open source multimedia communication
library writt ...)
- asterisk <unfixed>
+ [bullseye] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- ring <unfixed>
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-wx5m-cj97-4wwg
@@ -22726,6 +22732,7 @@ CVE-2022-39245 (Mist is the command-line interface for
the makedeb Package Repos
NOT-FOR-US: Makedeb Mist
CVE-2022-39244 (PJSIP is a free and open source multimedia communication
library writt ...)
- asterisk <unfixed>
+ [bullseye] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- ring <unfixed>
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj
@@ -28243,6 +28250,7 @@ CVE-2022-37326
RESERVED
CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through
18.14.0, an ...)
- asterisk <unfixed>
+ [bullseye] - asterisk <no-dsa> (Minor issue)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30103
NOTE: https://downloads.asterisk.org/pub/security/AST-2022-007.html
CVE-2022-37324
=====================================
data/dsa-needed.txt
=====================================
@@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source
package.
+--
+cacti
--
frr
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7273a8dbf6549ed1189d224452d086414a70109b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7273a8dbf6549ed1189d224452d086414a70109b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
