diff options
author | Markus Koschany <apo@debian.org> | 2022-11-17 12:22:29 +0100 |
---|---|---|
committer | Markus Koschany <apo@debian.org> | 2022-11-17 12:22:29 +0100 |
commit | bc386a49c91f48b36493999ad155a500cbb56394 (patch) | |
tree | c55b790661cbff659e23c5c40dfd96351ea251f8 /data | |
parent | 557d34f33720d48cc6e183a9bd11d8a4994210d0 (diff) |
Reserve DLA-3194-1 for asterisk
Diffstat (limited to 'data')
-rw-r--r-- | data/DLA/list | 3 | ||||
-rw-r--r-- | data/dla-needed.txt | 10 |
2 files changed, 3 insertions, 10 deletions
diff --git a/data/DLA/list b/data/DLA/list index 8a908a4a55..ae690079fe 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[17 Nov 2022] DLA-3194-1 asterisk - security update + {CVE-2021-37706 CVE-2021-43299 CVE-2021-43300 CVE-2021-43301 CVE-2021-43302 CVE-2021-43303 CVE-2021-43804 CVE-2021-43845 CVE-2021-46837 CVE-2022-21722 CVE-2022-21723 CVE-2022-23608 CVE-2022-24763 CVE-2022-24764 CVE-2022-24786 CVE-2022-24792 CVE-2022-24793 CVE-2022-26498 CVE-2022-26499 CVE-2022-26651} + [buster] - asterisk 1:16.28.0~dfsg-0+deb10u1 [17 Nov 2022] DLA-3193-1 joblib - security update {CVE-2022-21797} [buster] - joblib 0.13.0-2+deb10u1 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index cc3bc01832..68ae4b5a08 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -20,16 +20,6 @@ android-platform-system-core NOTE: 20221102: Consider ignoring this if Debian Security team see the CVEs as minor. (ola) NOTE: 20221103: Both PoCs (CVE-2022-20128 & CVE-2022-3168) work for me in buster (Beuc/front-desk) -- -asterisk (Markus Koschany) - NOTE: 20220810: Programming language: C. - NOTE: 20220829: Ongoing triaging work. Maybe we should think about syncing - NOTE: 20220829: bullseye and buster. (apo) - NOTE: 20221002: Done. Will ask for a public review tomorrow though. (apo) - NOTE: 20221018: https://lists.debian.org/debian-lts/2022/10/msg00037.html - NOTE: 20221113: I intend to upload on 15.11.2022. I got positive feedback - NOTE: 20221113: from a Bullseye user and Asterisk's maintainer seemed okay - NOTE: 20221113: with it as well. --- ceph NOTE: 20221031: Programming language: C++. NOTE: 20221031: To be checked further. Not clear whether the vulnerability can be exploited in a Debian system. |