diff options
author | Markus Koschany <apo@debian.org> | 2022-02-12 21:18:30 +0100 |
---|---|---|
committer | Markus Koschany <apo@debian.org> | 2022-02-12 21:19:11 +0100 |
commit | 7bfa1ccfc40899fa0d8c79c30b80f0a9132894a1 (patch) | |
tree | 30880eca96db5db0cf0303f05b5241cbfa880f2f /data | |
parent | ff2279b26476798fccdfa3d297edfe14e1f2de0a (diff) |
Mark CVE-2022-23221 and CVE-2021-42392,h2database as fixed in unstable
CVE-2021-23463,h2database not affected because the method is not supported/used
in older releases.
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list.2021 | 4 | ||||
-rw-r--r-- | data/CVE/list.2022 | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 42b7ad2d03..a1c2c890a1 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -11027,7 +11027,7 @@ CVE-2021-42394 CVE-2021-42393 RESERVED CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...) - - h2database <unfixed> (bug #1003894) + - h2database 2.1.210-1 (bug #1003894) NOTE: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6 NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/ CVE-2021-42391 @@ -57088,7 +57088,7 @@ CVE-2021-23465 CVE-2021-23464 RESERVED CVE-2021-23463 (The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vuln ...) - - h2database <unfixed> + - h2database <not-affected> (vulnerable method is not supported) NOTE: https://github.com/h2database/h2database/issues/3195 NOTE: https://github.com/h2database/h2database/pull/3199 TODO: check, might not affect versions in Debian diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index e9e072e44b..70fff5a20a 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -4695,7 +4695,7 @@ CVE-2022-23224 CVE-2022-23223 (The HTTP response will disclose the user password. This issue affected ...) NOT-FOR-US: Apache ShenYu Admin CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...) - - h2database <unfixed> + - h2database 2.1.210-1 NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210 CVE-2022-23220 (USBView 2.1 before 2.2 allows some local users (e.g., ones logged in v ...) {DSA-5052-1} |