Reserve DLA-3194-1 for asterisk

2 files changed, 3 insertions, 10 deletions

diff --git a/data/DLA/list b/data/DLA/list
index 8a908a4a55..ae690079fe 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[17 Nov 2022] DLA-3194-1 asterisk - security update
+	{CVE-2021-37706 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2021-46837 CVE-2022-21722 CVE-2022-21723 CVE-2022-23608 CVE-2022-24763 CVE-2022-24764 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 CVE-2022-26498 CVE-2022-26499 CVE-2022-26651}
+	[buster] - asterisk 1:16.28.0~dfsg-0+deb10u1
 [17 Nov 2022] DLA-3193-1 joblib - security update
 	{CVE-2022-21797}
 	[buster] - joblib 0.13.0-2+deb10u1
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index cc3bc01832..68ae4b5a08 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -20,16 +20,6 @@ android-platform-system-core
   NOTE: 20221102: Consider ignoring this if Debian Security team see the CVEs as minor. (ola)
   NOTE: 20221103: Both PoCs (CVE-2022-20128 & CVE-2022-3168) work for me in buster (Beuc/front-desk)
 --
-asterisk (Markus Koschany)
-  NOTE: 20220810: Programming language: C.
-  NOTE: 20220829: Ongoing triaging work. Maybe we should think about syncing
-  NOTE: 20220829: bullseye and buster. (apo)
-  NOTE: 20221002: Done. Will ask for a public review tomorrow though. (apo)
-  NOTE: 20221018: https://lists.debian.org/debian-lts/2022/10/msg00037.html
-  NOTE: 20221113: I intend to upload on 15.11.2022. I got positive feedback
-  NOTE: 20221113: from a Bullseye user and Asterisk's maintainer seemed okay
-  NOTE: 20221113: with it as well.
---
 ceph
   NOTE: 20221031: Programming language: C++.
   NOTE: 20221031: To be checked further. Not clear whether the vulnerability can be exploited in a Debian system.