From eb15c04aa85a21468896b5753a868242af9192c6 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 19 Jan 2022 21:18:31 +0100 Subject: Track drupal7 issues affected by the embedded copy of jqueryui Link: https://www.drupal.org/sa-core-2022-001 Link: https://www.drupal.org/sa-core-2022-002 --- data/CVE/2010.list | 2 ++ data/CVE/2016.list | 2 ++ data/CVE/2021.list | 4 ++++ data/DLA/list | 1 + 4 files changed, 9 insertions(+) diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 8f778de65a..ebbc8ae738 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -76,10 +76,12 @@ CVE-2010-5313 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2 NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fc3a9157d314 (v2.6.38-rc1) CVE-2010-5312 (Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the ...) {DSA-3249-1 DLA-258-1} + - drupal7 - jqueryui 1.10.1+dfsg-1 - owncloud (embedded copy, bug #722500, of version 1.10.1, already fixed) NOTE: http://bugs.jqueryui.com/ticket/6016 NOTE: https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3 + NOTE: https://www.drupal.org/sa-core-2022-002 CVE-2010-5311 RESERVED CVE-2010-XXXX [insecure handling of /tmp files in debian/preinst] diff --git a/data/CVE/2016.list b/data/CVE/2016.list index a77257c409..1c82b6332d 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -11733,6 +11733,7 @@ CVE-2016-7111 (MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Con NOTE: https://github.com/mantisbt/mantisbt/commit/b3511d2feb47eaee41feb5f69cf3c8a2c9acd229 NOTE: https://mantisbt.org/bugs/view.php?id=21263 CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 mi ...) + - drupal7 - jqueryui 1.12.1+dfsg-1 [jessie] - jqueryui (Minor issue) [wheezy] - jqueryui (Minor issue) @@ -11740,6 +11741,7 @@ CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12 NOTE: https://github.com/jquery/jquery-ui/pull/1622 NOTE: https://github.com/jquery/jquery-ui/pull/1632 NOTE: https://github.com/jquery/api.jqueryui.com/issues/281 + NOTE: https://www.drupal.org/sa-core-2022-002 CVE-2016-7094 (Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS ...) {DSA-3663-1 DLA-614-1} - xen 4.8.0~rc3-1 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index a09a67135b..35835a6f44 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -13033,18 +13033,22 @@ CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior t NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280 CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...) + - drupal7 - jqueryui 1.13.0+dfsg-1 [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1 [stretch] - jqueryui (Minor issue) NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 NOTE: https://bugs.jqueryui.com/ticket/15284 NOTE: https://github.com/jquery/jquery-ui/pull/1953 + NOTE: https://www.drupal.org/sa-core-2022-001 CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...) + - drupal7 - jqueryui 1.13.0+dfsg-1 [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1 [stretch] - jqueryui (Minor issue) NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc NOTE: https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce + NOTE: https://www.drupal.org/sa-core-2022-002 CVE-2021-41181 RESERVED CVE-2021-41180 diff --git a/data/DLA/list b/data/DLA/list index b18a809fa9..a21c443b17 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,4 +1,5 @@ [19 Jan 2022] DLA-2889-1 drupal7 - security update + {CVE-2016-7103 CVE-2010-5312 CVE-2021-41182 CVE-2021-41183} [stretch] - drupal7 7.52-2+deb9u17 [18 Jan 2022] DLA-2888-1 nvidia-graphics-drivers - security update {CVE-2021-1056 CVE-2021-1076 CVE-2021-1093 CVE-2021-1094 CVE-2021-1095} -- cgit v1.2.3