new h2database issue

new tripleo issue (removed) concludes external check
author: Moritz Muehlenhoff <jmm@debian.org> 2022-01-17 11:48:22 +0100
committer: Moritz Muehlenhoff <jmm@debian.org> 2022-01-17 11:48:22 +0100
commit: 6da7af6b2e20798fcc2b1f101ed64329944fdfbe (patch)
tree: a71a8a41775c6989b364572becf5e5dc468dbb9d
parent: 345bb88afca4e683c8ae11f86c725a631757f032 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 80d958dedd..ec1b4dc74a 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4330,6 +4330,8 @@ CVE-2021-45733
 	RESERVED
 CVE-2021-4180
 	RESERVED
+	- tripleo-heat-templates <removed>
+	NOTE: https://bugs.launchpad.net/tripleo/+bug/1955397
 CVE-2021-4179 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
 	NOT-FOR-US: livehelperchat
 CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for Rust. The it ...)
@@ -17040,7 +17042,9 @@ CVE-2020-36487
 CVE-2020-36486 (Swift File Transfer Mobile v1.1.2 and below was discovered to contain  ...)
 	NOT-FOR-US: Swift File Transfer Mobile
 CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...)
-	TODO: check
+	- h2database <unfixed>
+	NOTE: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
+	NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
 CVE-2021-42391
 	RESERVED
 CVE-2021-42390
author	Moritz Muehlenhoff <jmm@debian.org>	2022-01-17 11:48:22 +0100
committer	Moritz Muehlenhoff <jmm@debian.org>	2022-01-17 11:48:22 +0100
commit	6da7af6b2e20798fcc2b1f101ed64329944fdfbe (patch)
tree	a71a8a41775c6989b364572becf5e5dc468dbb9d
parent	345bb88afca4e683c8ae11f86c725a631757f032 (diff)