author | Neil Williams <codehelp@debian.org> | 2022-02-18 11:23:52 +0000 |
---|---|---|
committer | Neil Williams <codehelp@debian.org> | 2022-02-18 11:24:42 +0000 |
commit | 9ad73aa14a5743394e8c62ef1d04628e4ba5dd51 (patch) | |
tree | 8914c5c7b27662f8649f672b9b99eb08977c2ae7 /data/CVE/2021.list | |
parent | 08741bee6ed006fd1d19f60d77fff99f18ffe8fe (diff) |
Checked multiple CVEs in pjproject against asterisk and ring
More updates to follow
Diffstat (limited to 'data/CVE/2021.list')
-rw-r--r-- | data/CVE/2021.list | 41 |
1 files changed, 32 insertions, 9 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 78ec0438e7..9b45ef4a59 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -7594,11 +7594,12 @@ CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prio CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...) NOT-FOR-US: solidus_frontend CVE-2021-43845 (PJSIP is a free and open source multimedia communication library. In v ...) + - asterisk <unfixed> - pjproject <removed> + - ring <unfixed> NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh NOTE: https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859 NOTE: https://github.com/pjsip/pjproject/pull/2924 - TODO: check, might affect in impact src:ring CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, weather, a ...) NOT-FOR-US: MSEdgeRedirect CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block kit s ...) @@ -7695,10 +7696,11 @@ CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceabili CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...) NOT-FOR-US: Solidus CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...) + - asterisk <unfixed> - pjproject <removed> + - ring <unfixed> NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9 NOTE: https://github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e - TODO: check, might affect in impact src:ring CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to 12.0.5 o ...) NOT-FOR-US: next.js CVE-2021-43802 (Etherpad is a real-time collaborative editor. In versions prior to 1.8 ...) 
@@ -9026,15 +9028,35 @@ CVE-2021-43305 CVE-2021-43304 RESERVED CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...) - TODO: check + - asterisk <unfixed> + - pjproject <removed> + - ring <unfixed> + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 + NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...) - TODO: check + - asterisk <unfixed> + - pjproject <removed> + - ring <unfixed> + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 + NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...) - TODO: check + - asterisk <unfixed> + - pjproject <removed> + - ring <unfixed> + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 + NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...) - TODO: check + - asterisk <unfixed> + - pjproject <removed> + - ring <unfixed> + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 + NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...) - TODO: check + - asterisk <unfixed> + - pjproject <removed> + - ring <unfixed> + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 + NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43298 (The code that performs password matching when using 'Basic' HTTP authe ...) 
NOT-FOR-US: GoAhead Web Server CVE-2021-43297 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 a ...) @@ -22772,10 +22794,11 @@ CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) NOT-FOR-US: Shopware CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...) + - asterisk <unfixed> - pjproject <removed> + - ring <unfixed> NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984 NOTE: https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865 - TODO: check, might affect in impact src:ring CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. S ...) NOT-FOR-US: OneFuzz CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagist pac ...) @@ -34567,11 +34590,11 @@ CVE-2021-32686 (PJSIP is a free and open source multimedia communication library [stretch] - asterisk <not-affected> (Vulnerable code not present) - pjproject <removed> [stretch] - pjproject <no-dsa> (Minor issue; https://people.debian.org/~abhijith/upload/CVE-2021-32686.patch) + - ring <unfixed> NOTE: https://downloads.asterisk.org/pub/security/AST-2021-009.html NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr NOTE: https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd NOTE: https://github.com/pjsip/pjproject/pull/2716 - TODO: check, might affect in impact src:ring CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser ( ...) NOT-FOR-US: tEnvoy CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...) |
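Review bot: The `- asterisk <unfixed>` line added under CVE-2021-43845 has no NOTE recording what it is based on. The TODO it replaces only raised src:ring, and every NOTE in the entry points at pjsip/pjproject. Suggest adding a NOTE that states what was checked in asterisk (for example, which copy of the pjproject code it ships and whether the code touched by the referenced commit is present). The same applies to the CVE-2021-43804 and CVE-2021-37706 hunks, which follow the identical pattern.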
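Review bot: In the hunk covering CVE-2021-43299 through CVE-2021-43303, the descriptions place all five flaws in PJSUA API calls (pjsua_player_create, pjsua_recorder_create, pjsua_playlist_create, pjsua_call_dump), but the added `- asterisk <unfixed>` and `- ring <unfixed>` lines do not say whether either package builds or calls that layer. A one-line NOTE per entry, or a shared one, would let a later triager tell "vulnerable code present" from "vulnerable code reachable". Since all five entries cite the same advisory (GHSA-qcvw-h34v-c7r9) and the same commit (d979253c924a686fa511d705be1f3ad0c5b20337), it is also worth confirming that this single commit covers each of the listed functions.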
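Review bot: In the CVE-2021-32686 hunk, the new `- ring <unfixed>` line carries no per-release annotation, while asterisk and pjproject in the same entry each have a `[stretch]` line. If ring is present in stretch, an explicit `[stretch] - ring ...` status would make clear that the release was assessed rather than overlooked. If it is not, no change is needed.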