[Git][security-tracker-team/security-tracker][master] new h2database issue

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6da7af6b by Moritz Muehlenhoff at 2022-01-17T11:48:22+01:00
new h2database issue
new tripleo issue (removed)
concludes external check

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4330,6 +4330,8 @@ CVE-2021-45733
 	RESERVED
 CVE-2021-4180
 	RESERVED
+	- tripleo-heat-templates <removed>
+	NOTE: https://bugs.launchpad.net/tripleo/+bug/1955397
 CVE-2021-4179 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
 	NOT-FOR-US: livehelperchat
 CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for Rust. The it ...)
@@ -17040,7 +17042,9 @@ CVE-2020-36487
 CVE-2020-36486 (Swift File Transfer Mobile v1.1.2 and below was discovered to contain  ...)
 	NOT-FOR-US: Swift File Transfer Mobile
 CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...)
-	TODO: check
+	- h2database <unfixed>
+	NOTE: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
+	NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
 CVE-2021-42391
 	RESERVED
 CVE-2021-42390



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6da7af6b2e20798fcc2b1f101ed64329944fdfbe

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6da7af6b2e20798fcc2b1f101ed64329944fdfbe
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220117/14ab9780/attachment-0001.htm>