Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0107bea1 by Salvatore Bonaccorso at 2023-02-08T08:37:32+01:00
Track more fixes for ring via unstable upload
Thanks: Amin Bandali
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38153,7 +38153,7 @@ CVE-2022-39269 (PJSIP is a free and open source
multimedia communication library
- asterisk <unfixed>
[bullseye] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed>
+ - ring 20230206.0~ds1-1
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-wx5m-cj97-4wwg
NOTE:
https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc
CVE-2022-39268 (### Impact In a CSRF attack, an innocent end user is tricked
by an att ...)
@@ -38250,7 +38250,7 @@ CVE-2022-39244 (PJSIP is a free and open source
multimedia communication library
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
[bullseye] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed>
+ - ring 20230206.0~ds1-1
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj
NOTE:
https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae
CVE-2022-39243 (NuProcess is an external process execution implementation for
Java. In ...)
@@ -79511,7 +79511,7 @@ CVE-2022-24792 (PJSIP is a free and open source
multimedia communication library
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- - ring <unfixed> (unimportant)
+ - ring 20230206.0~ds1-1 (unimportant)
NOTE: code is present in ring but ring only uses the pjsip code, not
pjmedia
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799
NOTE:
https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213
@@ -79538,7 +79538,7 @@ CVE-2022-24786 (PJSIP is a free and open source
multimedia communication library
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
[stretch] - pjproject <not-affected> (Vulnerable code not present)
- - ring <unfixed> (unimportant)
+ - ring 20230206.0~ds1-1 (unimportant)
NOTE: code is present in ring but ring only uses the pjsip code, not
pjmedia
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q
NOTE:
https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508
@@ -84074,13 +84074,13 @@ CVE-2022-23548 (Discourse is an option source
discussion platform. Prior to vers
NOT-FOR-US: Discourse
CVE-2022-23537 (PJSIP is a free and open source multimedia communication
library writt ...)
- asterisk <unfixed>
- - ring <unfixed>
+ - ring 20230206.0~ds1-1
- pjproject <removed>
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
NOTE:
https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
CVE-2022-23547 (PJSIP is a free and open source multimedia communication
library writt ...)
- asterisk <unfixed>
- - ring <unfixed>
+ - ring 20230206.0~ds1-1
- pjproject <removed>
NOTE:
https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
NOTE:
https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0107bea103fdfb40c13a741214ee2ca577e51d40
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0107bea103fdfb40c13a741214ee2ca577e51d40
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
