Track drupal7 issues affected by the embedded copy of jqueryui

Link: https://www.drupal.org/sa-core-2022-001
Link: https://www.drupal.org/sa-core-2022-002

4 files changed, 9 insertions, 0 deletions

diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 8f778de65a..ebbc8ae738 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -76,10 +76,12 @@ CVE-2010-5313 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fc3a9157d314 (v2.6.38-rc1)
 CVE-2010-5312 (Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the ...)
 	{DSA-3249-1 DLA-258-1}
+	- drupal7 <removed>
 	- jqueryui 1.10.1+dfsg-1
 	- owncloud <not-affected> (embedded copy, bug #722500, of version 1.10.1, already fixed)
 	NOTE: http://bugs.jqueryui.com/ticket/6016
 	NOTE: https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
+	NOTE: https://www.drupal.org/sa-core-2022-002
 CVE-2010-5311
 	RESERVED
 CVE-2010-XXXX [insecure handling of /tmp files in debian/preinst]
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index a77257c409..1c82b6332d 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -11733,6 +11733,7 @@ CVE-2016-7111 (MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Con
 	NOTE: https://github.com/mantisbt/mantisbt/commit/b3511d2feb47eaee41feb5f69cf3c8a2c9acd229
 	NOTE: https://mantisbt.org/bugs/view.php?id=21263
 CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 mi ...)
+	- drupal7 <removed>
 	- jqueryui 1.12.1+dfsg-1
 	[jessie] - jqueryui <no-dsa> (Minor issue)
 	[wheezy] - jqueryui <no-dsa> (Minor issue)
@@ -11740,6 +11741,7 @@ CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12
 	NOTE: https://github.com/jquery/jquery-ui/pull/1622
 	NOTE: https://github.com/jquery/jquery-ui/pull/1632
 	NOTE: https://github.com/jquery/api.jqueryui.com/issues/281
+	NOTE: https://www.drupal.org/sa-core-2022-002
 CVE-2016-7094 (Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS ...)
 	{DSA-3663-1 DLA-614-1}
 	- xen 4.8.0~rc3-1
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index a09a67135b..35835a6f44 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -13033,18 +13033,22 @@ CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior t
 	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
 	NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
 CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+	- drupal7 <removed>
 	- jqueryui 1.13.0+dfsg-1
 	[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
 	[stretch] - jqueryui <no-dsa> (Minor issue)
 	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
 	NOTE: https://bugs.jqueryui.com/ticket/15284
 	NOTE: https://github.com/jquery/jquery-ui/pull/1953
+	NOTE: https://www.drupal.org/sa-core-2022-001
 CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+	- drupal7 <removed>
 	- jqueryui 1.13.0+dfsg-1
 	[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
 	[stretch] - jqueryui <no-dsa> (Minor issue)
 	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
 	NOTE: https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce
+	NOTE: https://www.drupal.org/sa-core-2022-002
 CVE-2021-41181
 	RESERVED
 CVE-2021-41180
diff --git a/data/DLA/list b/data/DLA/list
index b18a809fa9..a21c443b17 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,4 +1,5 @@
 [19 Jan 2022] DLA-2889-1 drupal7 - security update
+	{CVE-2016-7103 CVE-2010-5312 CVE-2021-41182 CVE-2021-41183}
 	[stretch] - drupal7 7.52-2+deb9u17
 [18 Jan 2022] DLA-2888-1 nvidia-graphics-drivers - security update
 	{CVE-2021-1056 CVE-2021-1076 CVE-2021-1093 CVE-2021-1094 CVE-2021-1095}