new h2database issue

new tripleo issue (removed) concludes external check
author: Moritz Muehlenhoff <jmm@debian.org> 2022-01-17 11:48:22 +0100
committer: Moritz Muehlenhoff <jmm@debian.org> 2022-01-17 11:48:22 +0100
commit: 61e354e6c0bf497ada1e32442268a169325a8bfe (patch)
tree: 902d83f9a92d8589dbf6a4ed7c24c86e7fa5925e /data
parent: 55f41de5e0da4136190017787336e34b828dc7a8 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index bc98467ece..9b8a8bbb89 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1459,6 +1459,8 @@ CVE-2021-45733
 	RESERVED
 CVE-2021-4180
 	RESERVED
+	- tripleo-heat-templates <removed>
+	NOTE: https://bugs.launchpad.net/tripleo/+bug/1955397
 CVE-2021-4179 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
 	NOT-FOR-US: livehelperchat
 CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for Rust. The it ...)
@@ -9885,7 +9887,9 @@ CVE-2021-42394
 CVE-2021-42393
 	RESERVED
 CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...)
-	TODO: check
+	- h2database <unfixed>
+	NOTE: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
+	NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
 CVE-2021-42391
 	RESERVED
 CVE-2021-42390
author	Moritz Muehlenhoff <jmm@debian.org>	2022-01-17 11:48:22 +0100
committer	Moritz Muehlenhoff <jmm@debian.org>	2022-01-17 11:48:22 +0100
commit	61e354e6c0bf497ada1e32442268a169325a8bfe (patch)
tree	902d83f9a92d8589dbf6a4ed7c24c86e7fa5925e /data
parent	55f41de5e0da4136190017787336e34b828dc7a8 (diff)