[Git][security-tracker-team/security-tracker][master] Add more (potential) iotjs issues (embedding jerryscript)

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 15 20:18:53 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76453146 by Salvatore Bonaccorso at 2021-06-15T21:18:23+02:00
Add more (potential) iotjs issues (embedding jerryscript)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57441,15 +57441,20 @@ CVE-2020-23325
 CVE-2020-23324
 	RESERVED
 CVE-2020-23323 (There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3871
 CVE-2020-23322 (There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRAC ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3869
 CVE-2020-23321 (There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_ ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3870
 CVE-2020-23320 (There is an Assertion in 'context_p->next_scanner_info_p->type = ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3835
 CVE-2020-23319 (There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) > ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3834
 CVE-2020-23318
 	RESERVED
 CVE-2020-23317
@@ -57459,31 +57464,41 @@ CVE-2020-23316
 CVE-2020-23315
 	RESERVED
 CVE-2020-23314 (There is an Assertion 'block_found' failed at js-parser-statm.c:2003 p ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3825
 CVE-2020-23313 (There is an Assertion 'scope_stack_p > context_p->scope_stack_p' ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3823
 CVE-2020-23312 (There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCC ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3824
 CVE-2020-23311 (There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE | ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3822
 CVE-2020-23310 (There is an Assertion 'context_p->next_scanner_info_p->type == S ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3821
 CVE-2020-23309 (There is an Assertion 'context_p->stack_depth == context_p->cont ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3820
 CVE-2020-23308 (There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSI ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3819
 CVE-2020-23307
 	RESERVED
 CVE-2020-23306 (There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_m ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3753
 CVE-2020-23305
 	RESERVED
 CVE-2020-23304
 	RESERVED
 CVE-2020-23303 (There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_co ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3749
 CVE-2020-23302 (There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_re ...)
-	TODO: check
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3748
 CVE-2020-23301
 	RESERVED
 CVE-2020-23300



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76453146d0815081682f14d2e1271c737a93adc5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76453146d0815081682f14d2e1271c737a93adc5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210615/6bfca48b/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list