[Git][security-tracker-team/security-tracker][master] iotjs removed
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Aug 13 20:01:33 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5772161b by Moritz Mühlenhoff at 2022-08-13T21:00:48+02:00
iotjs removed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -42226,13 +42226,13 @@ CVE-2021-46350 (There is an Assertion 'ecma_is_value_object (value)' failed at j
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4953
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4936
CVE-2021-46349 (There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECM ...)
- - iotjs <unfixed> (bug #1004288)
+ - iotjs <removed> (bug #1004288)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4937
CVE-2021-46348 (There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' fa ...)
- - iotjs <unfixed> (bug #1004288)
+ - iotjs <removed> (bug #1004288)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4961
@@ -42242,7 +42242,7 @@ CVE-2021-46347 (There is an Assertion 'ecma_object_check_class_name_is_object (o
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4938
CVE-2021-46346 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
- - iotjs <unfixed> (bug #1004288)
+ - iotjs <removed> (bug #1004288)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955
@@ -42266,7 +42266,7 @@ CVE-2021-46342 (There is an Assertion 'ecma_is_lexical_environment (obj_p) || !e
CVE-2021-46341
RESERVED
CVE-2021-46340 (There is an Assertion 'context_p->stack_top_uint8 == SCAN_STACK_TRY ...)
- - iotjs <unfixed> (bug #1004288)
+ - iotjs <removed> (bug #1004288)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4964
@@ -42275,7 +42275,7 @@ CVE-2021-46339 (There is an Assertion 'lit_is_valid_cesu8_string (string_p, stri
NOTE: Not considered a security issue by iotjs project
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4935
CVE-2021-46338 (There is an Assertion 'ecma_is_lexical_environment (object_p)' failed ...)
- - iotjs <unfixed> (bug #1004288)
+ - iotjs <removed> (bug #1004288)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4943
@@ -43733,37 +43733,37 @@ CVE-2022-22897
CVE-2022-22896
RESERVED
CVE-2022-22895 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...)
- - iotjs <unfixed> (bug #1004298)
+ - iotjs <removed> (bug #1004298)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4850
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4882
CVE-2022-22894 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...)
- - iotjs <unfixed> (bug #1004298)
+ - iotjs <removed> (bug #1004298)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899
CVE-2022-22893 (Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_lo ...)
- - iotjs <unfixed> (bug #1004298)
+ - iotjs <removed> (bug #1004298)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4901
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4945
CVE-2022-22892 (There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_valu ...)
- - iotjs <unfixed> (bug #1004298)
+ - iotjs <removed> (bug #1004298)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4872
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878
CVE-2022-22891 (Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via e ...)
- - iotjs <unfixed> (bug #1004298)
+ - iotjs <removed> (bug #1004298)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4871
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4885
CVE-2022-22890 (There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT &am ...)
- - iotjs <unfixed> (bug #1004298)
+ - iotjs <removed> (bug #1004298)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4849
@@ -43771,7 +43771,7 @@ CVE-2022-22890 (There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESE
CVE-2022-22889
RESERVED
CVE-2022-22888 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...)
- - iotjs <unfixed> (bug #1004298)
+ - iotjs <removed> (bug #1004298)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4877
@@ -44146,7 +44146,7 @@ CVE-2021-46172
CVE-2021-46171 (Modex v2.11 was discovered to contain a NULL pointer dereference in se ...)
NOT-FOR-US: Modex
CVE-2021-46170 (An issue was discovered in JerryScript commit a6ab5e9. There is an Use ...)
- - iotjs <unfixed> (bug #1015219)
+ - iotjs <removed> (bug #1015219)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4917
@@ -56214,7 +56214,7 @@ CVE-2021-43455 (An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via
CVE-2021-43454 (An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.3 ...)
NOT-FOR-US: AnyTXT Searcher for Windows
CVE-2021-43453 (A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 ...)
- - iotjs <unfixed> (bug #1015219)
+ - iotjs <removed> (bug #1015219)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4808
@@ -58730,7 +58730,7 @@ CVE-2021-42865
CVE-2021-42864
RESERVED
CVE-2021-42863 (A buffer overflow in ecma_builtin_typedarray_prototype_filter() in Jer ...)
- - iotjs <unfixed> (bug #1015219)
+ - iotjs <removed> (bug #1015219)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4793
@@ -62335,7 +62335,7 @@ CVE-2021-41961
CVE-2021-41960
RESERVED
CVE-2021-41959 (JerryScript Git version 14ff5bf does not sufficiently track and releas ...)
- - iotjs <unfixed> (bug #1015219)
+ - iotjs <removed> (bug #1015219)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4781
@@ -62905,7 +62905,7 @@ CVE-2021-41753 (A denial-of-service attack in WPA2, and WPA3-SAE authentication
CVE-2021-41752 (Stack overflow vulnerability in Jerryscript before commit e1ce7dd72712 ...)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4779
CVE-2021-41751 (Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:9 ...)
- - iotjs <unfixed> (bug #1015219)
+ - iotjs <removed> (bug #1015219)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4797
@@ -63074,12 +63074,12 @@ CVE-2021-41685
CVE-2021-41684
RESERVED
CVE-2021-41683 (There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_ty ...)
- - iotjs <unfixed> (bug #1015219)
+ - iotjs <removed> (bug #1015219)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4745
CVE-2021-41682 (There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_c ...)
- - iotjs <unfixed> (bug #1015219)
+ - iotjs <removed> (bug #1015219)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4747
@@ -102400,29 +102400,29 @@ CVE-2021-26201 (The Login Panel of CASAP Automated Enrollment System 1.0 is vuln
CVE-2021-26200 (The user area for Library System 1.0 is vulnerable to SQL injection wh ...)
NOT-FOR-US: Library System
CVE-2021-26199 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4056
CVE-2021-26198 (An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_ ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4402
CVE-2021-26197 (An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_ ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4403
CVE-2021-26196
RESERVED
CVE-2021-26195 (An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-o ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4442
CVE-2021-26194 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4445
@@ -121345,7 +121345,7 @@ CVE-2020-29659 (A buffer overflow in the web server of Flexense DupScout Enterpr
CVE-2020-29658 (Zoho ManageEngine Application Control Plus before 100523 has an insecu ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2020-29657 (In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unh ...)
- - iotjs <unfixed> (bug #977736; unimportant)
+ - iotjs <removed> (bug #977736; unimportant)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4244
NOTE: Does not affect code built in into the library
CVE-2020-29656 (An information disclosure vulnerability exists in RT-AC88U Download Ma ...)
@@ -138704,7 +138704,7 @@ CVE-2020-24346 (njs through 0.4.3, used in NGINX, has a use-after-free in njs_js
CVE-2020-24345 (** DISPUTED ** JerryScript through 2.3.0 allows stack consumption via ...)
NOTE: Disputed JerryScript issue
CVE-2020-24344 (JerryScript through 2.3.0 has a (function({a=arguments}){const argumen ...)
- - iotjs <unfixed> (bug #988213)
+ - iotjs <removed> (bug #988213)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3976
@@ -140848,27 +140848,27 @@ CVE-2020-23325
CVE-2020-23324
RESERVED
CVE-2020-23323 (There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3871
CVE-2020-23322 (There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRAC ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3869
CVE-2020-23321 (There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_ ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3870
CVE-2020-23320 (There is an Assertion in 'context_p->next_scanner_info_p->type = ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3835
CVE-2020-23319 (There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) > ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3834
@@ -140881,44 +140881,44 @@ CVE-2020-23316
CVE-2020-23315 (There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldReg ...)
NOT-FOR-US: Microsoft
CVE-2020-23314 (There is an Assertion 'block_found' failed at js-parser-statm.c:2003 p ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3825
CVE-2020-23313 (There is an Assertion 'scope_stack_p > context_p->scope_stack_p' ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3823
CVE-2020-23312 (There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCC ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3824
CVE-2020-23311 (There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE | ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3822
CVE-2020-23310 (There is an Assertion 'context_p->next_scanner_info_p->type == S ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3821
CVE-2020-23309 (There is an Assertion 'context_p->stack_depth == context_p->cont ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3820
CVE-2020-23308 (There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSI ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3819
CVE-2020-23307
RESERVED
CVE-2020-23306 (There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_m ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3753
@@ -140927,12 +140927,12 @@ CVE-2020-23305
CVE-2020-23304
RESERVED
CVE-2020-23303 (There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_co ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3749
CVE-2020-23302 (There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_re ...)
- - iotjs <unfixed> (bug #989991)
+ - iotjs <removed> (bug #989991)
[bullseye] - iotjs <no-dsa> (Minor issue)
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/issues/3748
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5772161b4e0c095f9b3f6612da1b135ae280e426
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5772161b4e0c095f9b3f6612da1b135ae280e426
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220813/9cc5e414/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list