From b1c6effb287b11ea7df9218713fd1abeaca47722 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 19 Jan 2022 21:18:31 +0100
Subject: Track drupal7 issues affected by the embedded copy of jqueryui

Link: https://www.drupal.org/sa-core-2022-001
Link: https://www.drupal.org/sa-core-2022-002
---
 data/CVE/list | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'data/CVE/list')

diff --git a/data/CVE/list b/data/CVE/list
index d52a2afd3e..ea59448751 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20845,18 +20845,22 @@ CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior t
 	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
 	NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
 CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+	- drupal7 <removed>
 	- jqueryui 1.13.0+dfsg-1
 	[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
 	[stretch] - jqueryui <no-dsa> (Minor issue)
 	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
 	NOTE: https://bugs.jqueryui.com/ticket/15284
 	NOTE: https://github.com/jquery/jquery-ui/pull/1953
+	NOTE: https://www.drupal.org/sa-core-2022-001
 CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+	- drupal7 <removed>
 	- jqueryui 1.13.0+dfsg-1
 	[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
 	[stretch] - jqueryui <no-dsa> (Minor issue)
 	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
 	NOTE: https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce
+	NOTE: https://www.drupal.org/sa-core-2022-002
 CVE-2021-41181
 	RESERVED
 CVE-2021-41180
@@ -325897,6 +325901,7 @@ CVE-2016-7111 (MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Con
 	NOTE: https://github.com/mantisbt/mantisbt/commit/b3511d2feb47eaee41feb5f69cf3c8a2c9acd229
 	NOTE: https://mantisbt.org/bugs/view.php?id=21263
 CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 mi ...)
+	- drupal7 <removed>
 	- jqueryui 1.12.1+dfsg-1
 	[jessie] - jqueryui <no-dsa> (Minor issue)
 	[wheezy] - jqueryui <no-dsa> (Minor issue)
@@ -325904,6 +325909,7 @@ CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12
 	NOTE: https://github.com/jquery/jquery-ui/pull/1622
 	NOTE: https://github.com/jquery/jquery-ui/pull/1632
 	NOTE: https://github.com/jquery/api.jqueryui.com/issues/281
+	NOTE: https://www.drupal.org/sa-core-2022-002
 CVE-2016-7094 (Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS ...)
 	{DSA-3663-1 DLA-614-1}
 	- xen 4.8.0~rc3-1
@@ -377343,10 +377349,12 @@ CVE-2013-7410
 	RESERVED
 CVE-2010-5312 (Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the ...)
 	{DSA-3249-1 DLA-258-1}
+	- drupal7 <removed>
 	- jqueryui 1.10.1+dfsg-1
 	- owncloud <not-affected> (embedded copy, bug #722500, of version 1.10.1, already fixed)
 	NOTE: http://bugs.jqueryui.com/ticket/6016
 	NOTE: https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
+	NOTE: https://www.drupal.org/sa-core-2022-002
 CVE-2010-5311
 	RESERVED
 CVE-2014-8738 (The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU bi ...)
-- 
cgit v1.2.3