[Git][security-tracker-team/security-tracker][master] Track drupal7 issues affected by the embedded copy of jqueryui

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 19 20:19:26 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b1c6effb by Salvatore Bonaccorso at 2022-01-19T21:18:31+01:00
Track drupal7 issues affected by the embedded copy of jqueryui

Link: https://www.drupal.org/sa-core-2022-001
Link: https://www.drupal.org/sa-core-2022-002

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20845,18 +20845,22 @@ CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior t
 	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
 	NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
 CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+	- drupal7 <removed>
 	- jqueryui 1.13.0+dfsg-1
 	[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
 	[stretch] - jqueryui <no-dsa> (Minor issue)
 	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
 	NOTE: https://bugs.jqueryui.com/ticket/15284
 	NOTE: https://github.com/jquery/jquery-ui/pull/1953
+	NOTE: https://www.drupal.org/sa-core-2022-001
 CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+	- drupal7 <removed>
 	- jqueryui 1.13.0+dfsg-1
 	[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
 	[stretch] - jqueryui <no-dsa> (Minor issue)
 	NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
 	NOTE: https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce
+	NOTE: https://www.drupal.org/sa-core-2022-002
 CVE-2021-41181
 	RESERVED
 CVE-2021-41180
@@ -325897,6 +325901,7 @@ CVE-2016-7111 (MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Con
 	NOTE: https://github.com/mantisbt/mantisbt/commit/b3511d2feb47eaee41feb5f69cf3c8a2c9acd229
 	NOTE: https://mantisbt.org/bugs/view.php?id=21263
 CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 mi ...)
+	- drupal7 <removed>
 	- jqueryui 1.12.1+dfsg-1
 	[jessie] - jqueryui <no-dsa> (Minor issue)
 	[wheezy] - jqueryui <no-dsa> (Minor issue)
@@ -325904,6 +325909,7 @@ CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12
 	NOTE: https://github.com/jquery/jquery-ui/pull/1622
 	NOTE: https://github.com/jquery/jquery-ui/pull/1632
 	NOTE: https://github.com/jquery/api.jqueryui.com/issues/281
+	NOTE: https://www.drupal.org/sa-core-2022-002
 CVE-2016-7094 (Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS ...)
 	{DSA-3663-1 DLA-614-1}
 	- xen 4.8.0~rc3-1
@@ -377343,10 +377349,12 @@ CVE-2013-7410
 	RESERVED
 CVE-2010-5312 (Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the ...)
 	{DSA-3249-1 DLA-258-1}
+	- drupal7 <removed>
 	- jqueryui 1.10.1+dfsg-1
 	- owncloud <not-affected> (embedded copy, bug #722500, of version 1.10.1, already fixed)
 	NOTE: http://bugs.jqueryui.com/ticket/6016
 	NOTE: https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
+	NOTE: https://www.drupal.org/sa-core-2022-002
 CVE-2010-5311
 	RESERVED
 CVE-2014-8738 (The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU bi ...)


=====================================
data/DLA/list
=====================================
@@ -1,4 +1,5 @@
 [19 Jan 2022] DLA-2889-1 drupal7 - security update
+	{CVE-2016-7103 CVE-2010-5312 CVE-2021-41182 CVE-2021-41183}
 	[stretch] - drupal7 7.52-2+deb9u17
 [18 Jan 2022] DLA-2888-1 nvidia-graphics-drivers - security update
 	{CVE-2021-1056 CVE-2021-1076 CVE-2021-1093 CVE-2021-1094 CVE-2021-1095}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1c6effb287b11ea7df9218713fd1abeaca47722

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1c6effb287b11ea7df9218713fd1abeaca47722
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220119/fd4f652c/attachment.htm>

More information about the debian-security-tracker-commits mailing list