[Git][security-tracker-team/security-tracker][master] Reserve DLA-3230-1 for jqueryui

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Wed Dec 7 10:04:33 GMT 2022



Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
858d86a3 by Utkarsh Gupta at 2022-12-07T15:34:10+05:30
Reserve DLA-3230-1 for jqueryui

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -45119,7 +45119,6 @@ CVE-2022-31161 (Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepa
 CVE-2022-31160 (jQuery UI is a curated set of user interface interactions, effects, wi ...)
 	- jqueryui 1.13.2+dfsg-1 (bug #1015982)
 	[bullseye] - jqueryui <no-dsa> (Minor issue)
-	[buster] - jqueryui <no-dsa> (Minor issue)
 	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
 	NOTE: https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9 (1.13.2)
 CVE-2022-31159 (The AWS SDK for Java enables Java developers to work with Amazon Web S ...)
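
Review bot: In the CVE-2022-31160 entry, dropping the [buster] <no-dsa> line while the [bullseye] line above it stays at <no-dsa> (Minor issue) leaves buster with a fix (1.12.1+dfsg-5+deb10u1, per the DLA-3230-1 entry in data/DLA/list) that bullseye does not have, so an upgrade from buster to bullseye reintroduces this issue until bullseye gets its own update. Consider flagging this CVE for a bullseye point-release update, or adding a NOTE to the entry recording that the gap is known.
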
@@ -91490,7 +91489,6 @@ CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An
 CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
 	- jqueryui 1.13.0+dfsg-1
 	[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
-	[buster] - jqueryui <no-dsa> (Minor issue)
 	[stretch] - jqueryui <no-dsa> (Minor issue)
 	- otrs2 6.3.1-1
 	[bullseye] - otrs2 <no-dsa> (Non-free not supported)
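
Review bot: The [stretch] - jqueryui <no-dsa> (Minor issue) line kept as context in this CVE-2021-41184 entry becomes the only jqueryui release line still triaged as minor, with bullseye fixed in 1.12.1+dfsg-8+deb11u1 and the buster line removed in favour of the DLA. The dla-needed.txt note removed in the same commit says the update is also being done for stretch, so this line will need the same removal when that update is recorded; the same applies to the CVE-2021-41183 and CVE-2021-41182 hunks that follow.
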
@@ -91504,7 +91502,6 @@ CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior t
 	- drupal7 <removed>
 	- jqueryui 1.13.0+dfsg-1
 	[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
-	[buster] - jqueryui <no-dsa> (Minor issue)
 	[stretch] - jqueryui <no-dsa> (Minor issue)
 	- otrs2 6.3.1-1
 	[bullseye] - otrs2 <no-dsa> (Non-free not supported)
@@ -91520,7 +91517,6 @@ CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior t
 	- drupal7 <removed>
 	- jqueryui 1.13.0+dfsg-1
 	[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
-	[buster] - jqueryui <no-dsa> (Minor issue)
 	[stretch] - jqueryui <no-dsa> (Minor issue)
 	- otrs2 6.3.1-1
 	[bullseye] - otrs2 <no-dsa> (Non-free not supported)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Dec 2022] DLA-3230-1 jqueryui - security update
+	{CVE-2021-41182 CVE-2021-41183 CVE-2021-41184 CVE-2022-31160}
+	[buster] - jqueryui 1.12.1+dfsg-5+deb10u1
 [07 Dec 2022] DLA-3229-1 node-log4js - security update
 	{CVE-2022-21704}
 	[buster] - node-log4js 4.0.2-2+deb10u1
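
Review bot: The added entry already carries the fixed version, [buster] - jqueryui 1.12.1+dfsg-5+deb10u1, although the commit subject only says "Reserve", and this line is what records buster as fixed for all four CVEs, so check that it is exactly the version string of the upload. The four CVE ids in braces do match the four [buster] <no-dsa> lines removed from data/CVE/list, and the version sorts below bullseye's 1.12.1+dfsg-8+deb11u1, which keeps the upgrade path ordered.
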


=====================================
data/dla-needed.txt
=====================================
@@ -90,13 +90,6 @@ imagemagick (Roberto C. Sánchez)
   NOTE: 20220904: VCS: https://salsa.debian.org/lts-team/packages/imagemagick.git
   NOTE: 20220904: Should be synced with Stretch. (apo)
 --
-jqueryui (Utkarsh Gupta)
-  NOTE: 20221111: Programming language: JavaScript.
-  NOTE: 20221111: Follow fixes from bullseye 11.2 (and jessie/elts) (Beuc/front-desk)
-  NOTE: 20221204: update already prepared for buster, as doing for stretch.
-  NOTE: 20221204: forgot to claim it in dla-needed, e-mailed Markus now. (utkarsh)
-  NOTE: 20221204: currently, testing the update with Yadd. (utkarsh)
---
 kopanocore
   NOTE: 20220801: Programming language: C++.
   NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973) (gusnan/retired)
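
Review bot: The removed jqueryui block ends with "NOTE: 20221204: currently, testing the update with Yadd.", and nothing in the commit records that this testing finished before the claim was dropped. A short line in the commit message saying the tested update was uploaded would make the history self-explanatory. The separators are fine: the trailing -- removed with the block leaves the -- after the imagemagick entry as the single divider before kopanocore.
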



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/858d86a38e10419ae1ba08fd027a4b8a266634e1

More information about the debian-security-tracker-commits mailing list