Mark CVE-2022-23221 and CVE-2021-42392,h2database as fixed in unstable

CVE-2021-23463,h2database not affected because the method is not supported/used
in older releases.

2 files changed, 3 insertions, 3 deletions

diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 42b7ad2d03..a1c2c890a1 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -11027,7 +11027,7 @@ CVE-2021-42394
 CVE-2021-42393
 	RESERVED
 CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...)
-	- h2database <unfixed> (bug #1003894)
+	- h2database 2.1.210-1 (bug #1003894)
 	NOTE: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
 	NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
 CVE-2021-42391
@@ -57088,7 +57088,7 @@ CVE-2021-23465
 CVE-2021-23464
 	RESERVED
 CVE-2021-23463 (The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vuln ...)
-	- h2database <unfixed>
+	- h2database <not-affected> (vulnerable method is not supported)
 	NOTE: https://github.com/h2database/h2database/issues/3195
 	NOTE: https://github.com/h2database/h2database/pull/3199
 	TODO: check, might not affect versions in Debian
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index e9e072e44b..70fff5a20a 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -4695,7 +4695,7 @@ CVE-2022-23224
 CVE-2022-23223 (The HTTP response will disclose the user password. This issue affected ...)
 	NOT-FOR-US: Apache ShenYu Admin
 CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...)
-	- h2database <unfixed>
+	- h2database 2.1.210-1
 	NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210
 CVE-2022-23220 (USBView 2.1 before 2.2 allows some local users (e.g., ones logged in v ...)
 	{DSA-5052-1}