Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: b1c6effb by Salvatore Bonaccorso at 2022-01-19T21:18:31+01:00 Track drupal7 issues affected by the embedded copy of jqueryui Link: https://www.drupal.org/sa-core-2022-001 Link: https://www.drupal.org/sa-core-2022-002 - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: ===================================== data/CVE/list ===================================== @@ -20845,18 +20845,22 @@ CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior t NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280 CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...) + - drupal7 <removed> - jqueryui 1.13.0+dfsg-1 [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1 [stretch] - jqueryui <no-dsa> (Minor issue) NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4 NOTE: https://bugs.jqueryui.com/ticket/15284 NOTE: https://github.com/jquery/jquery-ui/pull/1953 + NOTE: https://www.drupal.org/sa-core-2022-001 CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...) + - drupal7 <removed> - jqueryui 1.13.0+dfsg-1 [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1 [stretch] - jqueryui <no-dsa> (Minor issue) NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc NOTE: https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce + NOTE: https://www.drupal.org/sa-core-2022-002 CVE-2021-41181 RESERVED CVE-2021-41180 @@ -325897,6 +325901,7 @@ CVE-2016-7111 (MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Con NOTE: https://github.com/mantisbt/mantisbt/commit/b3511d2feb47eaee41feb5f69cf3c8a2c9acd229 NOTE: https://mantisbt.org/bugs/view.php?id=21263 CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 mi ...) + - drupal7 <removed> - jqueryui 1.12.1+dfsg-1 [jessie] - jqueryui <no-dsa> (Minor issue) [wheezy] - jqueryui <no-dsa> (Minor issue) @@ -325904,6 +325909,7 @@ CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12 NOTE: https://github.com/jquery/jquery-ui/pull/1622 NOTE: https://github.com/jquery/jquery-ui/pull/1632 NOTE: https://github.com/jquery/api.jqueryui.com/issues/281 + NOTE: https://www.drupal.org/sa-core-2022-002 CVE-2016-7094 (Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS ...) {DSA-3663-1 DLA-614-1} - xen 4.8.0~rc3-1 @@ -377343,10 +377349,12 @@ CVE-2013-7410 RESERVED CVE-2010-5312 (Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the ...) {DSA-3249-1 DLA-258-1} + - drupal7 <removed> - jqueryui 1.10.1+dfsg-1 - owncloud <not-affected> (embedded copy, bug #722500, of version 1.10.1, already fixed) NOTE: http://bugs.jqueryui.com/ticket/6016 NOTE: https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3 + NOTE: https://www.drupal.org/sa-core-2022-002 CVE-2010-5311 RESERVED CVE-2014-8738 (The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU bi ...) ===================================== data/DLA/list ===================================== @@ -1,4 +1,5 @@ [19 Jan 2022] DLA-2889-1 drupal7 - security update + {CVE-2016-7103 CVE-2010-5312 CVE-2021-41182 CVE-2021-41183} [stretch] - drupal7 7.52-2+deb9u17 [18 Jan 2022] DLA-2888-1 nvidia-graphics-drivers - security update {CVE-2021-1056 CVE-2021-1076 CVE-2021-1093 CVE-2021-1094 CVE-2021-1095} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1c6effb287b11ea7df9218713fd1abeaca47722 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b1c6effb287b11ea7df9218713fd1abeaca47722 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
