Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
30d0969a by Salvatore Bonaccorso at 2024-07-30T14:38:34+02:00
Add upstream tag information for some CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -197055,7 +197055,7 @@ CVE-2022-24052 (MariaDB CONNECT Storage Engine 
Heap-based Buffer Overflow Privil
        NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-366/
        NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-27612
-       NOTE: Commit https://github.com/MariaDB/server/commit/2925d0f2ee
+       NOTE: Fixed by: 
https://github.com/MariaDB/server/commit/2925d0f2ee9847c1dcec9c3650ab2c71697a1f62
 (mariadb-10.2.42)
        NOTE: According to upstream same fix than CVE-2022-24051, CVE-2022-24048
 CVE-2022-24051 (MariaDB CONNECT Storage Engine Format String Privilege 
Escalation Vuln ...)
        - mariadb-10.6 1:10.6.7-1
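
Review bot: the new "Fixed by:" line for CVE-2022-24052 sits before the "According to upstream same fix than ..." note, while in the CVE-2022-24051 and CVE-2022-24048 entries, which carry the same commit 2925d0f2ee9847c1dcec9c3650ab2c71697a1f62, it comes last, after the "MariaDB bug:" line. Since all three entries are touched here for the same fix, consider giving them one NOTE order so they compare cleanly against each other.
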
@@ -197068,7 +197068,7 @@ CVE-2022-24051 (MariaDB CONNECT Storage Engine Format 
String Privilege Escalatio
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-365/
        NOTE: According to upstream same fix than CVE-2022-24052, CVE-2022-24048
        NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-27612
-       NOTE: Commit https://github.com/MariaDB/server/commit/2925d0f2ee
+       NOTE: Fixed by: 
https://github.com/MariaDB/server/commit/2925d0f2ee9847c1dcec9c3650ab2c71697a1f62
 (mariadb-10.2.42)
 CVE-2022-24050 (MariaDB CONNECT Storage Engine Use-After-Free Privilege 
Escalation Vul ...)
        - mariadb-10.6 1:10.6.7-1
        - mariadb-10.5 <removed>
@@ -197077,7 +197077,7 @@ CVE-2022-24050 (MariaDB CONNECT Storage Engine 
Use-After-Free Privilege Escalati
        [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
        NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-364/
-       NOTE: Commit https://github.com/MariaDB/server/commit/8afcda930983
+       NOTE: Fixed by: 
https://github.com/MariaDB/server/commit/8afcda9309832f44a9ba27aaf16d08a0357c0880
 (mariadb-10.2.42)
 CVE-2022-24049 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: Sonos One Speaker
 CVE-2022-24048 (MariaDB CONNECT Storage Engine Stack-based Buffer Overflow 
Privilege E ...)
@@ -197090,7 +197090,7 @@ CVE-2022-24048 (MariaDB CONNECT Storage Engine 
Stack-based Buffer Overflow Privi
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-363/
        NOTE: According to upstream same fix than CVE-2022-24052, CVE-2022-24051
        NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-27612
-       NOTE: Commit https://github.com/MariaDB/server/commit/2925d0f2ee
+       NOTE: Fixed by: 
https://github.com/MariaDB/server/commit/2925d0f2ee9847c1dcec9c3650ab2c71697a1f62
 (mariadb-10.2.42)
 CVE-2022-24047 (This vulnerability allows remote attackers to bypass 
authentication on ...)
        NOT-FOR-US: BMC Track-It!
 CVE-2022-24046 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
@@ -212780,8 +212780,8 @@ CVE-2022-21427 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
        - mariadb-10.5 1:10.5.8-1
        - mariadb-10.3 <removed>
        NOTE: Fixed in MariaDB: 10.5.7, 10.4.25, 10.3.35, 10.2.44
-       NOTE: MariaBD byg: https://jira.mariadb.org/browse/MDEV-11241
-       NOTE: commit https://github.com/MariaDB/server/commit/5e5feb84b621
+       NOTE: MariaDB byg: https://jira.mariadb.org/browse/MDEV-11241
+       NOTE: Fixed by: 
https://github.com/MariaDB/server/commit/5e5feb84b6211f6fe9bbed767512b7b944f59ec9
 (mariadb-10.2.42)
 CVE-2022-21426 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise 
Edition ...)
        {DSA-5131-1 DSA-5128-1 DLA-3006-1}
        - openjdk-8 8u332-ga-1
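
Review bot: the tag added on the "Fixed by:" line for CVE-2022-21427, (mariadb-10.2.42), does not agree with the unchanged "Fixed in MariaDB: 10.5.7, 10.4.25, 10.3.35, 10.2.44" line just above it, which gives 10.2.44 for the 10.2 series; one of the two should be corrected, or a note added on why they differ. The reworded bug line fixes "MariaBD" but still reads "byg"; it should be "MariaDB bug:" as in the other entries.
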
@@ -236560,8 +236560,8 @@ CVE-2021-35604 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compo
        - mysql-5.7 <removed>
        NOTE: Fixed in MariaDB: 10.5.13, 10.3.32
        NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-26864
-       NOTE: MariaDB commit 
https://github.com/MariaDB/server/commit/c484a358c897
-       NOTE: MySQL commit 
https://github.com/mysql/mysql-server/commit/ac79aa1522f33e6eb912133a81fa2614db764c9c
+       NOTE: MariaDB commit: 
https://github.com/MariaDB/server/commit/c484a358c897413be390d03bdcb8dc4d70c7d1c3
 (mariadb-10.2.41)
+       NOTE: MySQL commit: 
https://github.com/mysql/mysql-server/commit/ac79aa1522f33e6eb912133a81fa2614db764c9c
 CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise 
Edition produc ...)
        {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
        - openjdk-17 17.0.1+12-1
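
Review bot: the tag (mariadb-10.2.41) added to the MariaDB commit line for CVE-2021-35604 names a 10.2 release, but the unchanged "Fixed in MariaDB: 10.5.13, 10.3.32" line lists no 10.2 version; extend that line or confirm the tag. This entry also keeps the "MariaDB commit:" and "MySQL commit:" labels where the other entries in this change use "Fixed by:", and the MySQL commit carries no tag; if that is deliberate because two upstreams are involved, it is fine, otherwise align it with the rest.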



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30d0969a3b84b20de9fa8db250317477d313a0e5
