Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 5772161b by Moritz Mühlenhoff at 2022-08-13T21:00:48+02:00 iotjs removed - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -42226,13 +42226,13 @@ CVE-2021-46350 (There is an Assertion 'ecma_is_value_object (value)' failed at j NOTE: https://github.com/jerryscript-project/jerryscript/pull/4953 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4936 CVE-2021-46349 (There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECM ...) - - iotjs <unfixed> (bug #1004288) + - iotjs <removed> (bug #1004288) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4937 CVE-2021-46348 (There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' fa ...) - - iotjs <unfixed> (bug #1004288) + - iotjs <removed> (bug #1004288) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4961 @@ -42242,7 +42242,7 @@ CVE-2021-46347 (There is an Assertion 'ecma_object_check_class_name_is_object (o NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4938 CVE-2021-46346 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...) - - iotjs <unfixed> (bug #1004288) + - iotjs <removed> (bug #1004288) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955 
@@ -42266,7 +42266,7 @@ CVE-2021-46342 (There is an Assertion 'ecma_is_lexical_environment (obj_p) || !e CVE-2021-46341 RESERVED CVE-2021-46340 (There is an Assertion 'context_p->stack_top_uint8 == SCAN_STACK_TRY ...) - - iotjs <unfixed> (bug #1004288) + - iotjs <removed> (bug #1004288) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4964 @@ -42275,7 +42275,7 @@ CVE-2021-46339 (There is an Assertion 'lit_is_valid_cesu8_string (string_p, stri NOTE: Not considered a security issue by iotjs project NOTE: https://github.com/jerryscript-project/jerryscript/issues/4935 CVE-2021-46338 (There is an Assertion 'ecma_is_lexical_environment (object_p)' failed ...) - - iotjs <unfixed> (bug #1004288) + - iotjs <removed> (bug #1004288) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4943 
@@ -43733,37 +43733,37 @@ CVE-2022-22897 CVE-2022-22896 RESERVED CVE-2022-22895 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...) - - iotjs <unfixed> (bug #1004298) + - iotjs <removed> (bug #1004298) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4850 NOTE: https://github.com/jerryscript-project/jerryscript/issues/4882 CVE-2022-22894 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...) - - iotjs <unfixed> (bug #1004298) + - iotjs <removed> (bug #1004298) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899 CVE-2022-22893 (Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_lo ...) - - iotjs <unfixed> (bug #1004298) + - iotjs <removed> (bug #1004298) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4901 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4945 CVE-2022-22892 (There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_valu ...) - - iotjs <unfixed> (bug #1004298) + - iotjs <removed> (bug #1004298) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4872 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878 CVE-2022-22891 (Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via e ...) 
- - iotjs <unfixed> (bug #1004298) + - iotjs <removed> (bug #1004298) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4871 NOTE: https://github.com/jerryscript-project/jerryscript/pull/4885 CVE-2022-22890 (There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT &am ...) - - iotjs <unfixed> (bug #1004298) + - iotjs <removed> (bug #1004298) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4849 @@ -43771,7 +43771,7 @@ CVE-2022-22890 (There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESE CVE-2022-22889 RESERVED CVE-2022-22888 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...) - - iotjs <unfixed> (bug #1004298) + - iotjs <removed> (bug #1004298) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4877 @@ -44146,7 +44146,7 @@ CVE-2021-46172 CVE-2021-46171 (Modex v2.11 was discovered to contain a NULL pointer dereference in se ...) NOT-FOR-US: Modex CVE-2021-46170 (An issue was discovered in JerryScript commit a6ab5e9. There is an Use ...) - - iotjs <unfixed> (bug #1015219) + - iotjs <removed> (bug #1015219) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4917 
@@ -56214,7 +56214,7 @@ CVE-2021-43455 (An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via CVE-2021-43454 (An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.3 ...) NOT-FOR-US: AnyTXT Searcher for Windows CVE-2021-43453 (A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 ...) - - iotjs <unfixed> (bug #1015219) + - iotjs <removed> (bug #1015219) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4808 @@ -58730,7 +58730,7 @@ CVE-2021-42865 CVE-2021-42864 RESERVED CVE-2021-42863 (A buffer overflow in ecma_builtin_typedarray_prototype_filter() in Jer ...) - - iotjs <unfixed> (bug #1015219) + - iotjs <removed> (bug #1015219) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4793 @@ -62335,7 +62335,7 @@ CVE-2021-41961 CVE-2021-41960 RESERVED CVE-2021-41959 (JerryScript Git version 14ff5bf does not sufficiently track and releas ...) - - iotjs <unfixed> (bug #1015219) + - iotjs <removed> (bug #1015219) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4781 @@ -62905,7 +62905,7 @@ CVE-2021-41753 (A denial-of-service attack in WPA2, and WPA3-SAE authentication CVE-2021-41752 (Stack overflow vulnerability in Jerryscript before commit e1ce7dd72712 ...) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4779 CVE-2021-41751 (Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:9 ...) - - iotjs <unfixed> (bug #1015219) + - iotjs <removed> (bug #1015219) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/pull/4797 
@@ -63074,12 +63074,12 @@ CVE-2021-41685 CVE-2021-41684 RESERVED CVE-2021-41683 (There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_ty ...) - - iotjs <unfixed> (bug #1015219) + - iotjs <removed> (bug #1015219) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4745 CVE-2021-41682 (There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_c ...) - - iotjs <unfixed> (bug #1015219) + - iotjs <removed> (bug #1015219) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4747 
@@ -102400,29 +102400,29 @@ CVE-2021-26201 (The Login Panel of CASAP Automated Enrollment System 1.0 is vuln CVE-2021-26200 (The user area for Library System 1.0 is vulnerable to SQL injection wh ...) NOT-FOR-US: Library System CVE-2021-26199 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4056 CVE-2021-26198 (An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_ ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4402 CVE-2021-26197 (An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_ ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4403 CVE-2021-26196 RESERVED CVE-2021-26195 (An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-o ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4442 CVE-2021-26194 (An issue was discovered in JerryScript 2.4.0. There is a heap-use-afte ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4445 
@@ -121345,7 +121345,7 @@ CVE-2020-29659 (A buffer overflow in the web server of Flexense DupScout Enterpr CVE-2020-29658 (Zoho ManageEngine Application Control Plus before 100523 has an insecu ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-29657 (In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unh ...) - - iotjs <unfixed> (bug #977736; unimportant) + - iotjs <removed> (bug #977736; unimportant) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4244 NOTE: Does not affect code built in into the library CVE-2020-29656 (An information disclosure vulnerability exists in RT-AC88U Download Ma ...) @@ -138704,7 +138704,7 @@ CVE-2020-24346 (njs through 0.4.3, used in NGINX, has a use-after-free in njs_js CVE-2020-24345 (** DISPUTED ** JerryScript through 2.3.0 allows stack consumption via ...) NOTE: Disputed JerryScript issue CVE-2020-24344 (JerryScript through 2.3.0 has a (function({a=arguments}){const argumen ...) - - iotjs <unfixed> (bug #988213) + - iotjs <removed> (bug #988213) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3976 
@@ -140848,27 +140848,27 @@ CVE-2020-23325 CVE-2020-23324 RESERVED CVE-2020-23323 (There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3871 CVE-2020-23322 (There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRAC ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3869 CVE-2020-23321 (There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_ ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3870 CVE-2020-23320 (There is an Assertion in 'context_p->next_scanner_info_p->type = ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3835 CVE-2020-23319 (There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) > ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3834 
@@ -140881,44 +140881,44 @@ CVE-2020-23316 CVE-2020-23315 (There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldReg ...) NOT-FOR-US: Microsoft CVE-2020-23314 (There is an Assertion 'block_found' failed at js-parser-statm.c:2003 p ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3825 CVE-2020-23313 (There is an Assertion 'scope_stack_p > context_p->scope_stack_p' ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3823 CVE-2020-23312 (There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCC ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3824 CVE-2020-23311 (There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE | ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3822 CVE-2020-23310 (There is an Assertion 'context_p->next_scanner_info_p->type == S ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3821 CVE-2020-23309 (There is an Assertion 'context_p->stack_depth == context_p->cont ...) 
- - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3820 CVE-2020-23308 (There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSI ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3819 CVE-2020-23307 RESERVED CVE-2020-23306 (There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_m ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3753 @@ -140927,12 +140927,12 @@ CVE-2020-23305 CVE-2020-23304 RESERVED CVE-2020-23303 (There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_co ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3749 CVE-2020-23302 (There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_re ...) - - iotjs <unfixed> (bug #989991) + - iotjs <removed> (bug #989991) [bullseye] - iotjs <no-dsa> (Minor issue) [buster] - iotjs <no-dsa> (Minor issue) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3748 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5772161b4e0c095f9b3f6612da1b135ae280e426
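Review bot: In the hunk at @@ -62905, the context entry CVE-2021-41752 carries only a NOTE with the upstream issue link and no package line, while CVE-2021-41751 directly below it is switched to `- iotjs <removed> (bug #1015219)`. Since this commit sweeps the iotjs entries, please confirm that CVE-2021-41752 was left without an iotjs line on purpose. If it was, a short NOTE giving the reason, in the style of the "Not considered a security issue by iotjs project" NOTE visible under CVE-2021-46339, would keep the entry from reading as unprocessed.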
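Review bot: The commit message "iotjs removed" gives no reference for the removal, and from the first hunk (@@ -42226) onward every changed line keeps the bug number it already had on the `<unfixed>` side, so nothing in the diff records where the removal was decided. Citing the removal request in the commit message would make the change auditable. Note also that each `[bullseye]` and `[buster]` line is left at `<no-dsa>` or `<not-affected>`, so the entries still describe iotjs as present in those releases; that looks intended, but it is worth stating in the message that only the unstable status changes.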