From 951c3a193442759c347c0279ca9fb63eeb1e45a9 Mon Sep 17 00:00:00 2001
From: Neil Williams <codehelp@debian.org>
Date: Mon, 24 Jan 2022 11:56:19 +0000
Subject: Add CVEs for iotjs

---
 data/CVE/list.2021 | 60 ++++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 45 insertions(+), 15 deletions(-)

diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index d735860b82..50f3cbf24a 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -110,37 +110,67 @@ CVE-2021-46353
 CVE-2021-46352
 	RESERVED
 CVE-2021-46351 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
-	TODO: check
+	- iotjs <not-affected> (Vulnerable code not yet introduced)
+	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4940
 CVE-2021-46350 (There is an Assertion 'ecma_is_value_object (value)' failed at jerrysc ...)
-	TODO: check
+	- iotjs <not-affected> (Vulnerable code not yet introduced)
+	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4953
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4936
 CVE-2021-46349 (There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECM ...)
-	TODO: check
+	- iotjs <unfixed> (bug #1004288)
+	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4937
 CVE-2021-46348 (There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' fa ...)
-	TODO: check
+	- iotjs <unfixed> (bug #1004288)
+	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4961
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4941
 CVE-2021-46347 (There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' ...)
-	TODO: check
+	- iotjs <not-affected> (Vulnerable code not yet introduced)
+	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4938
 CVE-2021-46346 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
-	TODO: check
+	- iotjs <unfixed> (bug #1004288)
+	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4939
 CVE-2021-46345 (There is an Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerry ...)
-	TODO: check
+	- iotjs <not-affected> (Vulnerable code not yet introduced)
+	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4946
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4920
 CVE-2021-46344 (There is an Assertion 'flags &amp; PARSER_PATTERN_HAS_REST_ELEMENT' fa ...)
-	TODO: check
+	- iotjs <not-affected> (Vulnerable code not yet introduced)
+	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4950
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4928
 CVE-2021-46343 (There is an Assertion 'context_p-&gt;token.type == LEXER_LITERAL' fail ...)
-	TODO: check
+	- iotjs <not-affected> (Vulnerable code not yet introduced)
+	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4947
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4921
 CVE-2021-46342 (There is an Assertion 'ecma_is_lexical_environment (obj_p) || !ecma_op ...)
-	TODO: check
+	- iotjs <not-affected> (Vulnerable code not yet introduced)
+	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4952
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4934
 CVE-2021-46341
 	RESERVED
 CVE-2021-46340 (There is an Assertion 'context_p-&gt;stack_top_uint8 == SCAN_STACK_TRY ...)
-	TODO: check
+	- iotjs <unfixed> (bug #1004288)
+	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4964
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4924
 CVE-2021-46339 (There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_siz ...)
-	TODO: check
+	- iotjs <undetermined>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4935
 CVE-2021-46338 (There is an Assertion 'ecma_is_lexical_environment (object_p)' failed  ...)
-	TODO: check
+	- iotjs <unfixed> (bug #1004288)
+	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4943
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4933
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4900
 CVE-2021-46337 (There is an Assertion 'page_p != NULL' failed at /parser/js/js-parser- ...)
-	TODO: check
+	- iotjs <not-affected> (Vulnerable code not yet introduced)
+	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4951
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4930
 CVE-2021-46336 (There is an Assertion 'opts &amp; PARSER_CLASS_LITERAL_CTOR_PRESENT' f ...)
-	TODO: check
+	- iotjs <not-affected> (Vulnerable code not yet introduced)
+	NOTE: https://github.com/jerryscript-project/jerryscript/pull/4949
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4927
 CVE-2021-46335 (Moddable SDK v11.5.0 was discovered to contain a NULL pointer derefere ...)
 	NOT-FOR-US: Moddable SDK
 CVE-2021-46334 (Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow ...)
-- 
cgit v1.2.3