[Git][security-tracker-team/security-tracker][master] Add upstream tag information for some CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 30 13:39:06 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
30d0969a by Salvatore Bonaccorso at 2024-07-30T14:38:34+02:00
Add upstream tag information for some CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -197055,7 +197055,7 @@ CVE-2022-24052 (MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privil
 	NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-366/
 	NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-27612
-	NOTE: Commit https://github.com/MariaDB/server/commit/2925d0f2ee
+	NOTE: Fixed by: https://github.com/MariaDB/server/commit/2925d0f2ee9847c1dcec9c3650ab2c71697a1f62 (mariadb-10.2.42)
 	NOTE: According to upstream same fix than CVE-2022-24051, CVE-2022-24048
 CVE-2022-24051 (MariaDB CONNECT Storage Engine Format String Privilege Escalation Vuln ...)
 	- mariadb-10.6 1:10.6.7-1
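Review bot: the added "Fixed by:" line for CVE-2022-24052 carries only the tag (mariadb-10.2.42), while the "Fixed in MariaDB:" note three lines above it lists 10.6.6, 10.5.14, 10.4.23, 10.3.33 and 10.2.42. A reader cannot tell from the entry whether the tag means the oldest release containing the commit or the only one checked. Consider saying which it is in the commit message or in the tracker's notes on the "Fixed by:" format. The line also sits before the "same fix" note here but after it in the CVE-2022-24051 and CVE-2022-24048 entries; one order across the three entries would make them easier to compare.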
@@ -197068,7 +197068,7 @@ CVE-2022-24051 (MariaDB CONNECT Storage Engine Format String Privilege Escalatio
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-365/
 	NOTE: According to upstream same fix than CVE-2022-24052, CVE-2022-24048
 	NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-27612
-	NOTE: Commit https://github.com/MariaDB/server/commit/2925d0f2ee
+	NOTE: Fixed by: https://github.com/MariaDB/server/commit/2925d0f2ee9847c1dcec9c3650ab2c71697a1f62 (mariadb-10.2.42)
 CVE-2022-24050 (MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vul ...)
 	- mariadb-10.6 1:10.6.7-1
 	- mariadb-10.5 <removed>
@@ -197077,7 +197077,7 @@ CVE-2022-24050 (MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalati
 	[buster] - mariadb-10.3 1:10.3.34-0+deb10u1
 	NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-364/
-	NOTE: Commit https://github.com/MariaDB/server/commit/8afcda930983
+	NOTE: Fixed by: https://github.com/MariaDB/server/commit/8afcda9309832f44a9ba27aaf16d08a0357c0880 (mariadb-10.2.42)
 CVE-2022-24049 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Sonos One Speaker
 CVE-2022-24048 (MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege E ...)
@@ -197090,7 +197090,7 @@ CVE-2022-24048 (MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privi
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-363/
 	NOTE: According to upstream same fix than CVE-2022-24052, CVE-2022-24051
 	NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-27612
-	NOTE: Commit https://github.com/MariaDB/server/commit/2925d0f2ee
+	NOTE: Fixed by: https://github.com/MariaDB/server/commit/2925d0f2ee9847c1dcec9c3650ab2c71697a1f62 (mariadb-10.2.42)
 CVE-2022-24047 (This vulnerability allows remote attackers to bypass authentication on ...)
 	NOT-FOR-US: BMC Track-It!
 CVE-2022-24046 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
@@ -212780,8 +212780,8 @@ CVE-2022-21427 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 	- mariadb-10.5 1:10.5.8-1
 	- mariadb-10.3 <removed>
 	NOTE: Fixed in MariaDB: 10.5.7, 10.4.25, 10.3.35, 10.2.44
-	NOTE: MariaBD byg: https://jira.mariadb.org/browse/MDEV-11241
-	NOTE: commit https://github.com/MariaDB/server/commit/5e5feb84b621
+	NOTE: MariaDB byg: https://jira.mariadb.org/browse/MDEV-11241
+	NOTE: Fixed by: https://github.com/MariaDB/server/commit/5e5feb84b6211f6fe9bbed767512b7b944f59ec9 (mariadb-10.2.42)
 CVE-2022-21426 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
 	{DSA-5131-1 DSA-5128-1 DLA-3006-1}
 	- openjdk-8 8u332-ga-1
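Review bot: the added "Fixed by:" line for CVE-2022-21427 tags the commit as (mariadb-10.2.42), but the unchanged note two lines above says "Fixed in MariaDB: 10.5.7, 10.4.25, 10.3.35, 10.2.44", so the 10.2 version and the tag disagree. Please check which one is right and align the two lines. The corrected bug line also still reads "MariaDB byg:"; the other entries in this change use "MariaDB bug:", so the typo fix looks incomplete.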
@@ -236560,8 +236560,8 @@ CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 	- mysql-5.7 <removed>
 	NOTE: Fixed in MariaDB: 10.5.13, 10.3.32
 	NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-26864
-	NOTE: MariaDB commit https://github.com/MariaDB/server/commit/c484a358c897
-	NOTE: MySQL commit https://github.com/mysql/mysql-server/commit/ac79aa1522f33e6eb912133a81fa2614db764c9c
+	NOTE: MariaDB commit: https://github.com/MariaDB/server/commit/c484a358c897413be390d03bdcb8dc4d70c7d1c3 (mariadb-10.2.41)
+	NOTE: MySQL commit: https://github.com/mysql/mysql-server/commit/ac79aa1522f33e6eb912133a81fa2614db764c9c
 CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
 	{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
 	- openjdk-17 17.0.1+12-1
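Review bot: the two added lines for CVE-2021-35604 keep the labels "MariaDB commit:" and "MySQL commit:", while every other entry touched by this change moves to "Fixed by:". If "Fixed by:" is the form tooling or readers look for, use it here too, with the upstream project named in the parenthesis or in a preceding note. The MariaDB line is tagged (mariadb-10.2.41) although "Fixed in MariaDB: 10.5.13, 10.3.32" lists no 10.2 release, and the MySQL line gets no tag at all; both are worth a second look for consistency.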



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30d0969a3b84b20de9fa8db250317477d313a0e5
