Merge ~yomonokio/ubuntu-cve-tracker:h2database into ubuntu-cve-tracker:master

Proposed by Chrisa Oikonomou
Status: Merged
Merged at revision: 7b7b60c1128544564ceef95a647509ddcc2c0560
Proposed branch: ~yomonokio/ubuntu-cve-tracker:h2database
Merge into: ubuntu-cve-tracker:master
Diff against target: 173 lines (+49/-40)
4 files modified
active/CVE-2018-14335 (+14/-11)
active/CVE-2021-23463 (+11/-11)
active/CVE-2021-42392 (+10/-9)
active/CVE-2022-23221 (+14/-9)
Reviewer: Eduardo Barretto
Review status: Approve
Review via email: mp+466675@code.launchpad.net

Commit message

 h2database: CVEs triage
Please check CVE 2022-23221 and CVE 2018-14335 for notes

Description of the change

 h2database: CVEs triage
Please check CVE 2022-23221 and CVE 2018-14335 for notes

Eduardo Barretto (ebarretto) wrote :

lgtm, thanks!

review: Approve

Preview Diff

1diff --git a/active/CVE-2018-14335 b/active/CVE-2018-14335
2index 6381948..995a290 100644
3--- a/active/CVE-2018-14335
4+++ b/active/CVE-2018-14335
5@@ -9,6 +9,9 @@ Description:
6 their permissions) via a symlink to a fake database file.
7 Ubuntu-Description:
8 Notes:
9+ yomonokio> Upstream states that H2 is not intended to be used outside a
10+ yomonokio> secure environment and that the web console affected should
11+ yomonokio> be running in production, as it is a debugging tool.
12 Bugs:
13 Priority: medium
14 Discovered-by:
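Review bot: the second and third added Notes lines read "the web console affected should be running in production, as it is a debugging tool", which contradicts the reason given, so a "not" appears to be missing. Suggest "should not be running in production", which also matches the first line's statement that H2 is not intended to be used outside a secure environment.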
15@@ -18,27 +21,27 @@ CVSS:
16
17
18 Patches_h2database:
19-upstream_h2database: needs-triage
20+upstream_h2database: 1.4.198
21 precise/esm_h2database: DNE
22 trusty_h2database: DNE
23 trusty/esm_h2database: DNE
24 xenial_h2database: ignored (end of standard support, was needs-triage)
25-esm-apps/xenial_h2database: needs-triage
26+esm-apps/xenial_h2database: needed
27 bionic_h2database: ignored (end of standard support, was needs-triage)
28-esm-apps/bionic_h2database: needs-triage
29+esm-apps/bionic_h2database: needed
30 cosmic_h2database: ignored (end of life)
31 disco_h2database: ignored (end of life)
32 eoan_h2database: ignored (end of life)
33-focal_h2database: needs-triage
34-esm-apps/focal_h2database: needs-triage
35+focal_h2database: needed
36+esm-apps/focal_h2database: needed
37 groovy_h2database: ignored (end of life)
38 hirsute_h2database: ignored (end of life)
39 impish_h2database: ignored (end of life)
40-jammy_h2database: needs-triage
41-esm-apps/jammy_h2database: needs-triage
42+jammy_h2database: not-affected (1.4.198)
43+esm-apps/jammy_h2database: not-affected (1.4.198)
44 kinetic_h2database: ignored (end of life, was needs-triage)
45 lunar_h2database: ignored (end of life, was needs-triage)
46-mantic_h2database: needs-triage
47-noble_h2database: needs-triage
48-esm-apps/noble_h2database: needs-triage
49-devel_h2database: needs-triage
50+mantic_h2database: not-affected (1.4.198)
51+noble_h2database: not-affected (1.4.198)
52+esm-apps/noble_h2database: not-affected (1.4.198)
53+devel_h2database: not-affected (1.4.198)
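Review bot: the jammy and esm-apps/jammy entries are set to "not-affected (1.4.198)", but the CVE-2021-42392 and CVE-2022-23221 files in this same proposal record the jammy package as 2.1.210+really1.4.197-1, and a "+really1.4.197" version normally means the shipped code is 1.4.197, which is older than the 1.4.198 fix entered for upstream here. Please confirm what jammy actually ships; if it is the 1.4.197 code, the jammy entries should be "needed", like focal.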
54diff --git a/active/CVE-2021-23463 b/active/CVE-2021-23463
55index e26315f..fa11eb6 100644
56--- a/active/CVE-2021-23463
57+++ b/active/CVE-2021-23463
58@@ -25,21 +25,21 @@ CVSS:
59
60
61 Patches_h2database:
62-upstream_h2database: needs-triage
63+upstream_h2database: 2.0.202
64 trusty_h2database: ignored (end of standard support)
65 xenial_h2database: ignored (end of standard support)
66-esm-apps/xenial_h2database: needs-triage
67+esm-apps/xenial_h2database: not-affected (code not present)
68 bionic_h2database: ignored (end of standard support, was needs-triage)
69-esm-apps/bionic_h2database: needs-triage
70-focal_h2database: needs-triage
71-esm-apps/focal_h2database: needs-triage
72+esm-apps/bionic_h2database: not-affected (code not present)
73+focal_h2database: not-affected (code not present)
74+esm-apps/focal_h2database: not-affected (code not present)
75 hirsute_h2database: ignored (end of life)
76 impish_h2database: ignored (end of life)
77-jammy_h2database: needs-triage
78-esm-apps/jammy_h2database: needs-triage
79+jammy_h2database: not-affected (2.0.202)
80+esm-apps/jammy_h2database: not-affected (2.0.202)
81 kinetic_h2database: ignored (end of life, was needs-triage)
82 lunar_h2database: ignored (end of life, was needs-triage)
83-mantic_h2database: needs-triage
84-noble_h2database: needs-triage
85-esm-apps/noble_h2database: needs-triage
86-devel_h2database: needs-triage
87+mantic_h2database: not-affected (2.0.202)
88+noble_h2database: not-affected (2.0.202)
89+esm-apps/noble_h2database: not-affected (2.0.202)
90+devel_h2database: not-affected (2.0.202)
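Review bot: the jammy entries give 2.0.202 as the reason for not-affected, while xenial, bionic and focal use "code not present". The other files in this proposal list jammy at 2.1.210+really1.4.197-1, so if jammy carries the 1.4.197 code the consistent reason there is "code not present" as well. A Notes line naming the code that is absent from the older series would also let a later reader verify the "code not present" entries.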
91diff --git a/active/CVE-2021-42392 b/active/CVE-2021-42392
92index b37e078..6be504f 100644
93--- a/active/CVE-2021-42392
94+++ b/active/CVE-2021-42392
95@@ -25,21 +25,22 @@ CVSS:
96
97
98 Patches_h2database:
99-upstream_h2database: needs-triage
100+upstream_h2database: 2.1.210-1
101 trusty_h2database: ignored (end of standard support)
102 xenial_h2database: ignored (end of standard support)
103-esm-apps/xenial_h2database: needs-triage
104+esm-apps/xenial_h2database: needed
105 bionic_h2database: ignored (end of standard support, was needs-triage)
106-esm-apps/bionic_h2database: needs-triage
107+esm-apps/bionic_h2database: needed
108 focal_h2database: released (1.4.197-4+deb10u1build0.20.04.1)
109 esm-apps/focal_h2database: released (1.4.197-4+deb10u1build0.20.04.1)
110 hirsute_h2database: ignored (end of life)
111 impish_h2database: released (1.4.197-4+deb10u1build0.21.10.1)
112-jammy_h2database: needs-triage
113-esm-apps/jammy_h2database: needs-triage
114+jammy_h2database: released (2.1.210+really1.4.197-1)
115+esm-apps/jammy_h2database: released (2.1.210+really1.4.197-1)
116 kinetic_h2database: ignored (end of life, was needs-triage)
117 lunar_h2database: ignored (end of life, was needs-triage)
118-mantic_h2database: needs-triage
119-noble_h2database: needs-triage
120-esm-apps/noble_h2database: needs-triage
121-devel_h2database: needs-triage
122+mantic_h2database: not-affected (2.1.210-1)
123+noble_h2database: not-affected (2.1.210-1)
124+esm-apps/noble_h2database: not-affected (2.1.210-1)
125+devel_h2database: not-affected (2.1.210-1)
126+
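Review bot: "upstream_h2database: 2.1.210-1" carries a Debian revision suffix, whereas the upstream field in the other three files holds a plain upstream version, and CVE-2022-23221 uses 2.1.210 for the same fix release. Suggest "upstream_h2database: 2.1.210" and using one form for the mantic, noble and devel entries across both files. The empty line added at the end of the file can be dropped.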
127diff --git a/active/CVE-2022-23221 b/active/CVE-2022-23221
128index bd18752..229e43e 100644
129--- a/active/CVE-2022-23221
130+++ b/active/CVE-2022-23221
131@@ -14,6 +14,11 @@ Description:
132 substring, a different vulnerability than CVE-2021-42392.
133 Ubuntu-Description:
134 Notes:
135+ yomonokio> Upstream states that persistent databases created by H2 1.4.200 and
136+ yomonokio> older versions require export into SQL script with that old version
137+ yomonokio> and creation of a new database with the new version and execution
138+ yomonokio> of this script in it.
139+
140 Mitigation:
141 Bugs:
142 Priority: medium
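Review bot: the added note describes the export and re-import that upstream requires for databases created by 1.4.200 and older, but it does not say what that means for this triage, for example whether it is the reason the releases still marked "needed" cannot simply move to a 2.x version. One more sentence stating the conclusion would make the note actionable. The empty "+" line before "Mitigation:" can also be dropped.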
143@@ -24,21 +29,21 @@ CVSS:
144
145
146 Patches_h2database:
147-upstream_h2database: needs-triage
148+upstream_h2database: 2.1.210
149 trusty_h2database: ignored (end of standard support)
150 xenial_h2database: ignored (end of standard support)
151-esm-apps/xenial_h2database: needs-triage
152+esm-apps/xenial_h2database: needed
153 bionic_h2database: ignored (end of standard support, was needs-triage)
154-esm-apps/bionic_h2database: needs-triage
155+esm-apps/bionic_h2database: needed
156 focal_h2database: released (1.4.197-4+deb10u1build0.20.04.1)
157 esm-apps/focal_h2database: released (1.4.197-4+deb10u1build0.20.04.1)
158 hirsute_h2database: ignored (end of life)
159 impish_h2database: released (1.4.197-4+deb10u1build0.21.10.1)
160-jammy_h2database: needs-triage
161-esm-apps/jammy_h2database: needs-triage
162+jammy_h2database: released (2.1.210+really1.4.197-1)
163+esm-apps/jammy_h2database: released (2.1.210+really1.4.197-1)
164 kinetic_h2database: ignored (end of life, was needs-triage)
165 lunar_h2database: ignored (end of life, was needs-triage)
166-mantic_h2database: needs-triage
167-noble_h2database: needs-triage
168-esm-apps/noble_h2database: needs-triage
169-devel_h2database: needs-triage
170+mantic_h2database: not-affected (2.1.210)
171+noble_h2database: not-affected (2.1.210)
172+esm-apps/noble_h2database: not-affected (2.1.210)
173+devel_h2database: not-affected (2.1.210)
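Review bot: the jammy entries are marked "released (2.1.210+really1.4.197-1)" while the upstream fix is recorded as 2.1.210, and nothing in the file says how a package carrying 1.4.197 code contains the fix. A Notes line stating that the fix was backported in that upload, as the focal and impish 1.4.197-4+deb10u1 builds suggest, would document why "released" is correct.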
