[Git][security-tracker-team/security-tracker][master] Mark CVE-2022-23221 and CVE-2021-42392,h2database as fixed in unstable

Markus Koschany (@apo) apo at debian.org
Sat Feb 12 21:08:20 GMT 2022 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
449e8fd7 by Markus Koschany at 2022-02-12T21:19:11+01:00
Mark CVE-2022-23221 and CVE-2021-42392,h2database as fixed in unstable

CVE-2021-23463,h2database not affected because the method is not supported/used
in older releases.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5624,7 +5624,7 @@ CVE-2022-23224
 CVE-2022-23223 (The HTTP response will disclose the user password. This issue affected ...)
 	NOT-FOR-US: Apache ShenYu Admin
 CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...)
-	- h2database <unfixed>
+	- h2database 2.1.210-1
 	NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210
 CVE-2022-23220 (USBView 2.1 before 2.2 allows some local users (e.g., ones logged in v ...)
 	{DSA-5052-1}
@@ -23022,7 +23022,7 @@ CVE-2020-36487
 CVE-2020-36486 (Swift File Transfer Mobile v1.1.2 and below was discovered to contain  ...)
 	NOT-FOR-US: Swift File Transfer Mobile
 CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...)
-	- h2database <unfixed> (bug #1003894)
+	- h2database 2.1.210-1 (bug #1003894)
 	NOTE: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
 	NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
 CVE-2021-42391
@@ -70401,7 +70401,7 @@ CVE-2021-23465
 CVE-2021-23464
 	RESERVED
 CVE-2021-23463 (The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vuln ...)
-	- h2database <unfixed>
+	- h2database <not-affected> (vulnerable method is not supported)
 	NOTE: https://github.com/h2database/h2database/issues/3195
 	NOTE: https://github.com/h2database/h2database/pull/3199
 	TODO: check, might not affect versions in Debian



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/449e8fd7711477e579f117a9e3f903c18b389c9d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/449e8fd7711477e579f117a9e3f903c18b389c9d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220212/58e2fde8/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list