[Git][security-tracker-team/security-tracker][master] Add CVEs for iotjs
Neil Williams (@codehelp)
codehelp at debian.org
Mon Jan 24 11:57:39 GMT 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b40f10f8 by Neil Williams at 2022-01-24T11:56:34+00:00
Add CVEs for iotjs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1482,37 +1482,67 @@ CVE-2021-46353
CVE-2021-46352
RESERVED
CVE-2021-46351 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
- TODO: check
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4940
CVE-2021-46350 (There is an Assertion 'ecma_is_value_object (value)' failed at jerrysc ...)
- TODO: check
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4953
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4936
CVE-2021-46349 (There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECM ...)
- TODO: check
+ - iotjs <unfixed> (bug #1004288)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4937
CVE-2021-46348 (There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' fa ...)
- TODO: check
+ - iotjs <unfixed> (bug #1004288)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4961
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4941
CVE-2021-46347 (There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' ...)
- TODO: check
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4938
CVE-2021-46346 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
- TODO: check
+ - iotjs <unfixed> (bug #1004288)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4939
CVE-2021-46345 (There is an Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerry ...)
- TODO: check
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4946
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4920
CVE-2021-46344 (There is an Assertion 'flags & PARSER_PATTERN_HAS_REST_ELEMENT' fa ...)
- TODO: check
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4950
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4928
CVE-2021-46343 (There is an Assertion 'context_p->token.type == LEXER_LITERAL' fail ...)
- TODO: check
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4947
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4921
CVE-2021-46342 (There is an Assertion 'ecma_is_lexical_environment (obj_p) || !ecma_op ...)
- TODO: check
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4952
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4934
CVE-2021-46341
RESERVED
CVE-2021-46340 (There is an Assertion 'context_p->stack_top_uint8 == SCAN_STACK_TRY ...)
- TODO: check
+ - iotjs <unfixed> (bug #1004288)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4964
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4924
CVE-2021-46339 (There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_siz ...)
- TODO: check
+ - iotjs <undetermined>
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4935
CVE-2021-46338 (There is an Assertion 'ecma_is_lexical_environment (object_p)' failed ...)
- TODO: check
+ - iotjs <unfixed> (bug #1004288)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4943
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4933
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4900
CVE-2021-46337 (There is an Assertion 'page_p != NULL' failed at /parser/js/js-parser- ...)
- TODO: check
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4951
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4930
CVE-2021-46336 (There is an Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' f ...)
- TODO: check
+ - iotjs <not-affected> (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4949
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4927
CVE-2021-46335 (Moddable SDK v11.5.0 was discovered to contain a NULL pointer derefere ...)
NOT-FOR-US: Moddable SDK
CVE-2021-46334 (Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b40f10f87490e2bea3981cf606c13f31ed814162
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b40f10f87490e2bea3981cf606c13f31ed814162
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220124/355ca720/attachment.htm>
More information about the debian-security-tracker-commits
mailing list