Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1a6a7028 by Bastien Roucariès at 2024-10-31T22:56:24+00:00
CVE-2021-2372 add a note about first commit

- - - - -
8840e846 by Bastien Roucariès at 2024-10-31T22:56:42+00:00
CVE-2022-38791/mariadb

Add more information about this CVE:
- related commit
- commit that fixes this CVE

- - - - -
6a71837d by Salvatore Bonaccorso at 2024-11-01T17:42:40+00:00
Merge branch 'mariadb-triage' into 'master'

mariadb triage

See merge request security-tracker-team/security-tracker!194
- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -177047,8 +177047,12 @@ CVE-2022-38791 (In MariaDB before 10.9.2, 
compress_write in extra/mariabackup/ds
        - mariadb-10.5 <removed>
        [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
        - mariadb-10.3 <removed>
-       NOTE: https://jira.mariadb.org/browse/MDEV-28719
+       NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-28719
        NOTE: MariaDB fixed in 10.3.36, 10.5.17, 10.6.9
+       NOTE: MariaDB commit 
https://github.com/MariaDB/server/commit/91d5fffa0796b8208c3d6633c8f296da8914af4d
 (mariadb-10.3.36)
+       NOTE: MariaDB related to previous commit incompletly fixing the issue 
https://github.com/MariaDB/server/commit/863c3eda872b19f70ce6045119bf621584e1312d
 (mariadb-10.3.36)
+       NOTE: MariaDB bug for incomplete fix: 
https://jira.mariadb.org/browse/MDEV-28689
+       NOTE: MariaDB duplicate bug for incomplete fix: 
https://jira.mariadb.org/browse/MDEV-28690
 CVE-2022-38790 (Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site 
scripting ( ...)
        NOT-FOR-US: Weave GitOps Enterprise
 CVE-2022-38789 (An issue was discovered in Airties Smart Wi-Fi before 
2020-08-04. It a ...)
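
Review bot: The added line "NOTE: MariaDB related to previous commit incompletly fixing the issue" under CVE-2022-38791 is ambiguous about which of the two commits is the incomplete fix, and "incompletly" is misspelled. Both 91d5fffa... and 863c3eda... carry the same (mariadb-10.3.36) tag, so the tag does not help a reader order them. Consider stating the role of each commit explicitly, for example one note marked as the fix and one marked as the incomplete fix, and placing the MDEV-28689 and MDEV-28690 notes directly after the commit they refer to. The existing "fixed in 10.3.36, 10.5.17, 10.6.9" note lists three branches while the commit notes only carry the 10.3.36 tag; if the same commits apply to the other branches, saying so would save a triager the lookup.
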
@@ -302016,6 +302020,8 @@ CVE-2021-2372 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compon
        - mysql-5.7 <removed>
        - mysql-8.0 8.0.29-1
        NOTE: Fixed in MariaDB 10.5.12, 10.3.31
+       NOTE: Introduced by 
https://github.com/MariaDB/server/commit/2e814d4702d71a04388386a9f591d14a35980bfe
 (mariadb-10.2.2)
+       NOTE: hash_table_t* page_hash_old logic that lead the race condition 
was introduced by InnoDB 5.7 sync from mysql-5.7.9
        NOTE: Commit MariaDB: 
https://github.com/MariaDB/server/commit/c4295b9be90df2dd8f9056fec187f3e991f498c4
 (mariadb-10.2.40)
        NOTE: Commit MySQL: 
https://github.com/mysql/mysql-server/commit/ea3adc6a1192e1bca4b4894fd7037e29fbcf0bd0
 CVE-2021-2371 (Vulnerability in the Oracle Coherence product of Oracle Fusion 
Middlew ...)
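
Review bot: The two added notes under CVE-2021-2372 do not say how they relate: "Introduced by" points at 2e814d47... (mariadb-10.2.2), while the next line attributes the page_hash_old logic to the InnoDB 5.7 sync from mysql-5.7.9 without a reference. If 2e814d47... is that sync commit, say so in a single note; if it is a separate change, add a link for the second claim so it can be checked. Wording on the second line: "that lead the race condition" should read "that led to the race condition". The introducing commit is tagged mariadb-10.2.2 and the fix commit mariadb-10.2.40, but the existing "Fixed in MariaDB 10.5.12, 10.3.31" note omits the 10.2 branch; consider aligning these.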



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c4bee5373503fd90a58ad02375a570529b5c75d3...6a71837d56ce06bb12c34b61c7f504810aba7f88



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
