Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
54f12367 by Salvatore Bonaccorso at 2026-06-26T21:22:09+02:00
Track fixed version for asterisk issues via unstable

Thanks to Thorsten Alteholz for the triage.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -34844,7 +34844,7 @@ CVE-2026-42239 (Budibase is an open-source low-code 
platform. Prior to version 3
 CVE-2026-42225 (PJSIP is a free and open source multimedia communication 
library writt ...)
        {DLA-4631-1}
        - pjproject <removed>
-       - asterisk <unfixed> (bug #1136007)
+       - asterisk 1:22.10.0+dfsg+~cs6.17.60671434-1 (bug #1136007)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-x2fv-6j6c-pxmx
        NOTE: 
https://github.com/pjsip/pjproject/commit/ef684252bb62b0716675b6e99ad7fe4c90e28920
 (2.17)
 CVE-2026-42203 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
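Review bot: The CVE-2026-42225 entry does not record why asterisk is tracked under a PJSIP CVE. With "- pjproject <removed>" directly above it, the new "- asterisk 1:22.10.0+dfsg+~cs6.17.60671434-1" line implies the fix arrives through the pjproject copy that asterisk bundles, but no NOTE says so. Consider adding a NOTE naming the bundled pjproject version that upload ships, so the fixed version can be checked against the "(2.17)" annotation on the fix commit.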
@@ -42606,14 +42606,14 @@ CVE-2026-41492 (Dgraph is an open source distributed 
GraphQL database. Prior to
        NOT-FOR-US: Dgraph
 CVE-2026-41416 (PJSIP is a free and open source multimedia communication 
library writt ...)
        - pjproject <removed>
-       - asterisk <unfixed> (bug #1134884)
+       - asterisk 1:22.10.0+dfsg+~cs6.17.60671434-1 (bug #1134884)
        [bullseye] - asterisk <not-affected> (Vulnerable code uses different 
unit)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-f33g-8hjq-62xr
        NOTE: 
https://github.com/pjsip/pjproject/commit/66fe416c96e957417621b7be16e9e587d159f9bb
 (2.17)
 CVE-2026-41415 (PJSIP is a free and open source multimedia communication 
library writt ...)
        {DLA-4631-1}
        - pjproject <removed>
-       - asterisk <unfixed> (bug #1134884)
+       - asterisk 1:22.10.0+dfsg+~cs6.17.60671434-1 (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-935m-fmf5-j4pm
        NOTE: 
https://github.com/pjsip/pjproject/commit/4225a93c16661538005017883fbc8f1ea1d5f4b0
 (2.17)
 CVE-2026-41414 (Skim is a fuzzy finder designed to through files, lines, and 
commands. ...)
@@ -45504,7 +45504,7 @@ CVE-2026-40895 (follow-redirects is an open source, 
drop-in replacement for Node
        NOTE: 
https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9
 (v1.16.0)
 CVE-2026-40892 (PJSIP is a free and open source multimedia communication 
library writt ...)
        - pjproject <removed>
-       - asterisk <unfixed> (bug #1134884)
+       - asterisk 1:22.10.0+dfsg+~cs6.17.60671434-1 (bug #1134884)
        [bullseye] - asterisk <not-affected> (Vulnerable code 
(pjsip_auth_create_digest2()) not present)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-2wcg-w3c4-48r7
        NOTE: 
https://github.com/pjsip/pjproject/commit/c82123ea6f3c3652bbc9ebd5e9e658c301451687
 (2.17)
@@ -45957,7 +45957,7 @@ CVE-2026-40865 (Horilla is a free and open source Human 
Resource Management Syst
 CVE-2026-40614 (PJSIP is a free and open source multimedia communication 
library writt ...)
        {DLA-4631-1}
        - pjproject <removed>
-       - asterisk <unfixed> (bug #1134884)
+       - asterisk 1:22.10.0+dfsg+~cs6.17.60671434-1 (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-j59p-4xrr-fp8g
        NOTE: 
https://github.com/pjsip/pjproject/commit/17897e835818f8ee03b1806ddcd7b95ea16d2c0e
 (2.17)
 CVE-2026-40613 (Coturn is a free open source implementation of TURN and STUN 
Server. P ...)
@@ -56883,7 +56883,7 @@ CVE-2026-34237 (MCP Java SDK is the official Java SDK 
for Model Context Protocol
 CVE-2026-34235 (PJSIP is a free and open source multimedia communication 
library writt ...)
        {DLA-4631-1}
        - pjproject <removed>
-       - asterisk <unfixed> (bug #1134884)
+       - asterisk 1:22.10.0+dfsg+~cs6.17.60671434-1 (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-pqrm-53pc-wx28
        NOTE: 
https://github.com/pjsip/pjproject/commit/f4c7d08211da1fe2ad1504434a0ad99d12aa7536
 CVE-2026-34231 (Slippers is a UI component framework for Django. Prior to 
version 0.6. ...)
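Review bot: The fix-commit NOTE for CVE-2026-34235 carries no upstream release annotation, unlike the "(2.17)" suffix on the CVE-2026-42225, CVE-2026-41416 and CVE-2026-40614 entries earlier in this diff, so the asterisk fixed version on the "+" line cannot be cross-checked from the entry itself. Suggest appending the first upstream release that contains f4c7d08211da to that NOTE. The same applies to the later PJSIP entries in this commit whose commit NOTE has no release tag.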
@@ -63527,7 +63527,7 @@ CVE-2026-33070 (FileRise is a self-hosted web file 
manager / WebDAV server. In v
 CVE-2026-33069 (PJSIP is a free and open source multimedia communication 
library writt ...)
        {DLA-4631-1}
        - pjproject <removed>
-       - asterisk <unfixed> (bug #1134884)
+       - asterisk 1:22.10.0+dfsg+~cs6.17.60671434-1 (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-x5pq-qrp4-fmrj
        NOTE: 
https://github.com/pjsip/pjproject/commit/f0fa32a226df5f87a9903093e5d145ebb69734db
 CVE-2026-33068 (Claude Code is an agentic coding tool. Versions prior to 
2.1.53 resolv ...)
@@ -63873,13 +63873,13 @@ CVE-2026-32946 (Harden-Runner is a CI/CD security 
agent that works like an EDR f
 CVE-2026-32945 (PJSIP is a free and open source multimedia communication 
library writt ...)
        {DLA-4631-1}
        - pjproject <removed>
-       - asterisk <unfixed> (bug #1134884)
+       - asterisk 1:22.10.0+dfsg+~cs6.17.60671434-1 (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-jr2p-p2w4-rr9q
        NOTE: 
https://github.com/pjsip/pjproject/commit/5311aee398ae9d623829a6bad7b679a193c9e199
 CVE-2026-32942 (PJSIP is a free and open source multimedia communication 
library writt ...)
        {DLA-4631-1}
        - pjproject <removed>
-       - asterisk <unfixed> (bug #1134884)
+       - asterisk 1:22.10.0+dfsg+~cs6.17.60671434-1 (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-g88q-c2hm-q7p7
        NOTE: https://github.com/pjsip/pjproject/issues/1451
        NOTE: 
https://github.com/pjsip/pjproject/commit/c9caceddabda7f18337b2a82d25d65f6224b450a
@@ -70319,7 +70319,7 @@ CVE-2026-29073 (SiYuan is a personal knowledge 
management system. Prior to versi
 CVE-2026-29068 (PJSIP is a free and open source multimedia communication 
library writt ...)
        {DLA-4631-1}
        - pjproject <removed>
-       - asterisk <unfixed> (bug #1134884)
+       - asterisk 1:22.10.0+dfsg+~cs6.17.60671434-1 (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-pqww-jrxr-457f
        NOTE: 
https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967
 CVE-2026-29065 (changedetection.io is a free open source web page change 
detection too ...)
@@ -70375,7 +70375,7 @@ CVE-2026-28800 (Natro Macro is an open-source Bee Swarm 
Simulator macro written
 CVE-2026-28799 (PJSIP is a free and open source multimedia communication 
library writt ...)
        {DLA-4631-1}
        - pjproject <removed>
-       - asterisk <unfixed> (bug #1134884)
+       - asterisk 1:22.10.0+dfsg+~cs6.17.60671434-1 (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc
        NOTE: 
https://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1
 CVE-2026-28795 (OpenChatBI is an intelligent chat-based BI tool powered by 
large langu ...)
@@ -76677,7 +76677,7 @@ CVE-2026-26972 (OpenClaw is a personal AI assistant. In 
versions 2026.1.12 throu
 CVE-2026-26967 (PJSIP is a free and open source multimedia communication 
library writt ...)
        {DLA-4631-1}
        - pjproject <removed>
-       - asterisk <unfixed> (bug #1134884)
+       - asterisk 1:22.10.0+dfsg+~cs6.17.60671434-1 (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-x2hc-6969-g8v6
        NOTE: 
https://github.com/pjsip/pjproject/commit/f821c214e52b11bae11e4cd3c7f0864538fb5491
 CVE-2026-26964 (Windmill is an open-source developer platform for internal 
code: APIs, ...)
@@ -76924,7 +76924,7 @@ CVE-2026-26205 (opa-envoy-plugun is a plugin to enforce 
OPA policies with Envoy.
 CVE-2026-26203 (PJSIP is a free and open source multimedia communication 
library. Vers ...)
        {DLA-4631-1}
        - pjproject <removed>
-       - asterisk <unfixed> (bug #1134884)
+       - asterisk 1:22.10.0+dfsg+~cs6.17.60671434-1 (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-p965-mf7j-gwv8
        NOTE: Fixed by: 
https://github.com/pjsip/pjproject/commit/5aee54f09d4f91538d55279d7316591b28fded6c
 CVE-2026-26202 (Penpot is an open-source design tool for design and code 
collaboration ...)
@@ -80064,7 +80064,7 @@ CVE-2026-25999 (Klaw is a self-service Apache Kafka 
Topic Management/Governance
 CVE-2026-25994 (PJSIP is a free and open source multimedia communication 
library writt ...)
        {DLA-4631-1}
        - pjproject <removed>
-       - asterisk <unfixed> (bug #1134884)
+       - asterisk 1:22.10.0+dfsg+~cs6.17.60671434-1 (bug #1134884)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-j29p-pvh2-pvqp
        NOTE: Fixed by: 
https://github.com/pjsip/pjproject/commit/063b3a155f163cc5a9a1df2c56b6720fd3a0dbb0
 CVE-2026-25935 (Vikunja is a todo-app to organize your life. Prior to 1.1.0, 
TaskGlanc ...)
@@ -113965,7 +113965,7 @@ CVE-2025-65106 (LangChain is a framework for building 
agents and LLM-powered app
 CVE-2025-65102 (PJSIP is a free and open source multimedia communication 
library. Prio ...)
        {DLA-4631-1}
        - pjproject <removed>
-       - asterisk <unfixed> (bug #1135620)
+       - asterisk 1:22.9.0+dfsg+~cs6.16.60671434-1 (bug #1135620)
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-w5vr-39x7-h8g5
        NOTE: 
https://github.com/pjsip/pjproject/commit/6e9bd2e7d25bba26f852771b40693f45da14fa8f
 CVE-2025-65092 (ESF-IDF is the Espressif Internet of Things (IOT) Development 
Framewor ...)
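Review bot: The "+" line for CVE-2025-65102 records 1:22.9.0+dfsg+~cs6.16.60671434-1, while every other asterisk entry touched by this commit is marked fixed in 1:22.10.0+dfsg+~cs6.17.60671434-1, and the commit message speaks of a single "fixed version". If the earlier upload is intended here (the entry references its own bug, #1135620), please say so in the commit message; if not, the version should match the other entries.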



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54f12367a3af8125cc1f27c42dc3373d3516f405
