March 2024 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2254635] New: TRIAGE CVE-2023-49786 asterisk: race condition in the hello handshake phase of the DTLS protocol triggers denial of service [fedora-all]
by bugzilla＠redhat.com 12 Apr '26

12 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2254635 Bug ID: 2254635 Summary: TRIAGE CVE-2023-49786 asterisk: race condition in the hello handshake phase of the DTLS protocol triggers denial of service [fedora-all] Product: Fedora Version: 38 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: jsmith.fedora(a)gmail.com Reporter: rgatica(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2254633 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2254635 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 10

[Bug 2254632] New: TRIAGE CVE-2023-49294 asterisk: access to arbitrary files via directory traversal [fedora-all]
by bugzilla＠redhat.com 12 Apr '26

12 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2254632 Bug ID: 2254632 Summary: TRIAGE CVE-2023-49294 asterisk: access to arbitrary files via directory traversal [fedora-all] Product: Fedora Version: 38 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: jsmith.fedora(a)gmail.com Reporter: rgatica(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2254630 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2254632 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 10

[Bug 2254627] New: TRIAGE CVE-2023-37457 asterisk: potential buffer overflow in PJSIP_HEADER dialplan function [fedora-all]
by bugzilla＠redhat.com 12 Apr '26

12 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2254627 Bug ID: 2254627 Summary: TRIAGE CVE-2023-37457 asterisk: potential buffer overflow in PJSIP_HEADER dialplan function [fedora-all] Product: Fedora Version: 38 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: jsmith.fedora(a)gmail.com Reporter: rgatica(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2254625 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2254627 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 10

[Bug 2150951] New: CVE-2022-37325 asterisk: Remote Crash Vulnerability in H323 channel add on [fedora-all]
by bugzilla＠redhat.com 12 Apr '26

12 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2150951 Bug ID: 2150951 Summary: CVE-2022-37325 asterisk: Remote Crash Vulnerability in H323 channel add on [fedora-all] Product: Fedora Version: 37 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: jsmith.fedora(a)gmail.com Reporter: zmiele(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2150949 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2150951

1 11

[Bug 2150945] New: CVE-2022-42705 asterisk: Use after free in res_pjsip_pubsub.c [fedora-all]
by bugzilla＠redhat.com 12 Apr '26

12 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2150945 Bug ID: 2150945 Summary: CVE-2022-42705 asterisk: Use after free in res_pjsip_pubsub.c [fedora-all] Product: Fedora Version: 37 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: jsmith.fedora(a)gmail.com Reporter: zmiele(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2150943 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2150945

1 11

[Bug 2255322] New: asterisk: PJSIP logging allows attacker to inject fake Asterisk log entries [epel-all]
by bugzilla＠redhat.com 12 Apr '26

12 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2255322 Bug ID: 2255322 Summary: asterisk: PJSIP logging allows attacker to inject fake Asterisk log entries [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: epel-packagers-sig(a)lists.fedoraproject.org Reporter: trathi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2255321 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2255322 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 10

[Bug 2254634] New: TRIAGE CVE-2023-49786 asterisk: race condition in the hello handshake phase of the DTLS protocol triggers denial of service [epel-all]
by bugzilla＠redhat.com 12 Apr '26

12 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2254634 Bug ID: 2254634 Summary: TRIAGE CVE-2023-49786 asterisk: race condition in the hello handshake phase of the DTLS protocol triggers denial of service [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: epel-packagers-sig(a)lists.fedoraproject.org Reporter: rgatica(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2254633 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2254634 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 7

[Bug 2254631] New: TRIAGE CVE-2023-49294 asterisk: access to arbitrary files via directory traversal [epel-all]
by bugzilla＠redhat.com 12 Apr '26

12 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2254631 Bug ID: 2254631 Summary: TRIAGE CVE-2023-49294 asterisk: access to arbitrary files via directory traversal [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: epel-packagers-sig(a)lists.fedoraproject.org Reporter: rgatica(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2254630 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2254631 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 9

[Bug 2254626] New: TRIAGE CVE-2023-37457 asterisk: potential buffer overflow in PJSIP_HEADER dialplan function [epel-all]
by bugzilla＠redhat.com 12 Apr '26

12 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2254626 Bug ID: 2254626 Summary: TRIAGE CVE-2023-37457 asterisk: potential buffer overflow in PJSIP_HEADER dialplan function [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: epel-packagers-sig(a)lists.fedoraproject.org Reporter: rgatica(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2254625 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2254626 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 7

[Bug 2173707] New: CVE-2021-438450 CVE-2021-438451 CVE-2022-217221 CVE-2022-247541 CVE-2022-247542 CVE-2022-247631 CVE-2022-247633 CVE-2022-247641 CVE-2022-247644 CVE-2022-247931 CVE-2022-247935 asterisk: pjsip: Multiple Vulnerabilities [epel-all]
by bugzilla＠redhat.com 12 Apr '26

12 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2173707 Bug ID: 2173707 Summary: CVE-2021-438450 CVE-2021-438451 CVE-2022-217221 CVE-2022-247541 CVE-2022-247542 CVE-2022-247631 CVE-2022-247633 CVE-2022-247641 CVE-2022-247644 CVE-2022-247931 CVE-2022-247935 asterisk: pjsip: Multiple Vulnerabilities [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: epel-packagers-sig(a)lists.fedoraproject.org Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2173705 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2173707

1 8

2026

2025

2024

2023

2022

2021

Epel-packagers-sig March 2024