[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2021-2372 add a note about first commit
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 1 17:42:48 GMT 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a6a7028 by Bastien Roucariès at 2024-10-31T22:56:24+00:00
CVE-2021-2372 add a note about first commit
- - - - -
8840e846 by Bastien Roucariès at 2024-10-31T22:56:42+00:00
CVE-2022-38791/mariadb
Add more information about this CVE:
- related commit
- commit that fix this CVE
- - - - -
6a71837d by Salvatore Bonaccorso at 2024-11-01T17:42:40+00:00
Merge branch 'mariadb-triage' into 'master'
mariadb triage
See merge request security-tracker-team/security-tracker!194
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -177047,8 +177047,12 @@ CVE-2022-38791 (In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds
- mariadb-10.5 <removed>
[bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
- mariadb-10.3 <removed>
- NOTE: https://jira.mariadb.org/browse/MDEV-28719
+ NOTE: MariaDB bug: https://jira.mariadb.org/browse/MDEV-28719
NOTE: MariaDB fixed in 10.3.36, 10.5.17, 10.6.9
+ NOTE: MariaDB commit https://github.com/MariaDB/server/commit/91d5fffa0796b8208c3d6633c8f296da8914af4d (mariadb-10.3.36)
+ NOTE: MariaDB related to previous commit incompletly fixing the issue https://github.com/MariaDB/server/commit/863c3eda872b19f70ce6045119bf621584e1312d (mariadb-10.3.36)
+ NOTE: MariaDB bug for incomplete fix: https://jira.mariadb.org/browse/MDEV-28689
+ NOTE: MariaDB duplicate bug for incomplete fix: https://jira.mariadb.org/browse/MDEV-28690
CVE-2022-38790 (Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting ( ...)
NOT-FOR-US: Weave GitOps Enterprise
CVE-2022-38789 (An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It a ...)
@@ -302016,6 +302020,8 @@ CVE-2021-2372 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
- mysql-5.7 <removed>
- mysql-8.0 8.0.29-1
NOTE: Fixed in MariaDB 10.5.12, 10.3.31
+ NOTE: Introduced by https://github.com/MariaDB/server/commit/2e814d4702d71a04388386a9f591d14a35980bfe (mariadb-10.2.2)
+ NOTE: hash_table_t* page_hash_old logic that lead the race condition was introduced by InnoDB 5.7 sync from mysql-5.7.9
NOTE: Commit MariaDB: https://github.com/MariaDB/server/commit/c4295b9be90df2dd8f9056fec187f3e991f498c4 (mariadb-10.2.40)
NOTE: Commit MySQL: https://github.com/mysql/mysql-server/commit/ea3adc6a1192e1bca4b4894fd7037e29fbcf0bd0
CVE-2021-2371 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c4bee5373503fd90a58ad02375a570529b5c75d3...6a71837d56ce06bb12c34b61c7f504810aba7f88
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c4bee5373503fd90a58ad02375a570529b5c75d3...6a71837d56ce06bb12c34b61c7f504810aba7f88
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241101/5e5cf4d0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list