Checked multiple CVEs in pjproject against asterisk and ring

More updates to follow

1 files changed, 32 insertions, 9 deletions

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 78ec0438e7..9b45ef4a59 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -7594,11 +7594,12 @@ CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prio
 CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...)
 	NOT-FOR-US: solidus_frontend
 CVE-2021-43845 (PJSIP is a free and open source multimedia communication library. In v ...)
+	- asterisk <unfixed>
 	- pjproject <removed>
+	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh
 	NOTE: https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859
 	NOTE: https://github.com/pjsip/pjproject/pull/2924
-	TODO: check, might affect in impact src:ring
 CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, weather, a ...)
 	NOT-FOR-US: MSEdgeRedirect
 CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block kit s ...)
@@ -7695,10 +7696,11 @@ CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceabili
 CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...)
 	NOT-FOR-US: Solidus
 CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...)
+	- asterisk <unfixed>
 	- pjproject <removed>
+	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9
 	NOTE: https://github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e
-	TODO: check, might affect in impact src:ring
 CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to 12.0.5 o ...)
 	NOT-FOR-US: next.js
 CVE-2021-43802 (Etherpad is a real-time collaborative editor. In versions prior to 1.8 ...)
@@ -9026,15 +9028,35 @@ CVE-2021-43305
 CVE-2021-43304
 	RESERVED
 CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...)
-	TODO: check
+	- asterisk <unfixed>
+	- pjproject <removed>
+	- ring <unfixed>
+	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...)
-	TODO: check
+	- asterisk <unfixed>
+	- pjproject <removed>
+	- ring <unfixed>
+	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...)
-	TODO: check
+	- asterisk <unfixed>
+	- pjproject <removed>
+	- ring <unfixed>
+	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...)
-	TODO: check
+	- asterisk <unfixed>
+	- pjproject <removed>
+	- ring <unfixed>
+	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...)
-	TODO: check
+	- asterisk <unfixed>
+	- pjproject <removed>
+	- ring <unfixed>
+	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+	NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
 CVE-2021-43298 (The code that performs password matching when using 'Basic' HTTP authe ...)
 	NOT-FOR-US: GoAhead Web Server
 CVE-2021-43297 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 a ...)
@@ -22772,10 +22794,11 @@ CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to
 CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
 	NOT-FOR-US: Shopware
 CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...)
+	- asterisk <unfixed>
 	- pjproject <removed>
+	- ring <unfixed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984
 	NOTE: https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865
-	TODO: check, might affect in impact src:ring
 CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. S ...)
 	NOT-FOR-US: OneFuzz
 CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagist pac ...)
@@ -34567,11 +34590,11 @@ CVE-2021-32686 (PJSIP is a free and open source multimedia communication library
 	[stretch] - asterisk <not-affected> (Vulnerable code not present)
 	- pjproject <removed>
 	[stretch] - pjproject <no-dsa> (Minor issue; https://people.debian.org/~abhijith/upload/CVE-2021-32686.patch)
+	- ring <unfixed>
 	NOTE: https://downloads.asterisk.org/pub/security/AST-2021-009.html
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr
 	NOTE: https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd
 	NOTE: https://github.com/pjsip/pjproject/pull/2716
-	TODO: check, might affect in impact src:ring
 CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser ( ...)
 	NOT-FOR-US: tEnvoy
 CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...)