Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
858d86a3 by Utkarsh Gupta at 2022-12-07T15:34:10+05:30
Reserve DLA-3230-1 for jqueryui
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -45119,7 +45119,6 @@ CVE-2022-31161 (Roxy-WI is a Web interface for managing
HAProxy, Nginx and Keepa
CVE-2022-31160 (jQuery UI is a curated set of user interface interactions,
effects, wi ...)
- jqueryui 1.13.2+dfsg-1 (bug #1015982)
[bullseye] - jqueryui <no-dsa> (Minor issue)
- [buster] - jqueryui <no-dsa> (Minor issue)
NOTE:
https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
NOTE:
https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9
(1.13.2)
CVE-2022-31159 (The AWS SDK for Java enables Java developers to work with
Amazon Web S ...)
@@ -91490,7 +91489,6 @@ CVE-2021-41185 (Mycodo is an environmental monitoring
and regulation system. An
CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior
to vers ...)
- jqueryui 1.13.0+dfsg-1
[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
- [buster] - jqueryui <no-dsa> (Minor issue)
[stretch] - jqueryui <no-dsa> (Minor issue)
- otrs2 6.3.1-1
[bullseye] - otrs2 <no-dsa> (Non-free not supported)
@@ -91504,7 +91502,6 @@ CVE-2021-41183 (jQuery-UI is the official jQuery user
interface library. Prior t
- drupal7 <removed>
- jqueryui 1.13.0+dfsg-1
[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
- [buster] - jqueryui <no-dsa> (Minor issue)
[stretch] - jqueryui <no-dsa> (Minor issue)
- otrs2 6.3.1-1
[bullseye] - otrs2 <no-dsa> (Non-free not supported)
@@ -91520,7 +91517,6 @@ CVE-2021-41182 (jQuery-UI is the official jQuery user
interface library. Prior t
- drupal7 <removed>
- jqueryui 1.13.0+dfsg-1
[bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
- [buster] - jqueryui <no-dsa> (Minor issue)
[stretch] - jqueryui <no-dsa> (Minor issue)
- otrs2 6.3.1-1
[bullseye] - otrs2 <no-dsa> (Non-free not supported)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Dec 2022] DLA-3230-1 jqueryui - security update
+ {CVE-2021-41182 CVE-2021-41183 CVE-2021-41184 CVE-2022-31160}
+ [buster] - jqueryui 1.12.1+dfsg-5+deb10u1
[07 Dec 2022] DLA-3229-1 node-log4js - security update
{CVE-2022-21704}
[buster] - node-log4js 4.0.2-2+deb10u1
=====================================
data/dla-needed.txt
=====================================
@@ -90,13 +90,6 @@ imagemagick (Roberto C. Sánchez)
NOTE: 20220904: VCS:
https://salsa.debian.org/lts-team/packages/imagemagick.git
NOTE: 20220904: Should be synced with Stretch. (apo)
--
-jqueryui (Utkarsh Gupta)
- NOTE: 20221111: Programming language: JavaScript.
- NOTE: 20221111: Follow fixes from bullseye 11.2 (and jessie/elts)
(Beuc/front-desk)
- NOTE: 20221204: update already prepared for buster, as doing for stretch.
- NOTE: 20221204: forgot to claim it in dla-needed, e-mailed Markus now.
(utkarsh)
- NOTE: 20221204: currently, testing the update with Yadd. (utkarsh)
---
kopanocore
NOTE: 20220801: Programming language: C++.
NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973)
(gusnan/retired)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/858d86a38e10419ae1ba08fd027a4b8a266634e1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/858d86a38e10419ae1ba08fd027a4b8a266634e1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
