Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
28510af7 by Salvatore Bonaccorso at 2022-01-04T06:28:12+01:00
Track several fixed CVEs for vim via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -572,13 +572,13 @@ CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a 
local privilege escalation
 CVE-2021-4194
        RESERVED
 CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read ...)
-       - vim <unfixed>
+       - vim 2:8.2.3995-1
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b 
(v8.2.3950)
 CVE-2021-4192 (vim is vulnerable to Use After Free ...)
-       - vim <unfixed>
+       - vim 2:8.2.3995-1
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22
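Review bot: the visible lines for CVE-2021-4192 end at the huntr link with no `NOTE: Fixed by:` commit, so nothing in this hunk shows which upstream patch the `2:8.2.3995-1` claim rests on. CVE-2021-4193 just above records its fixing commit and tag (v8.2.3950), which makes the fixed version easy to check; add the equivalent note for CVE-2021-4192 if the entry does not already have one below the shown context.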
@@ -808,7 +808,7 @@ CVE-2021-44775
 CVE-2021-44465
        RESERVED
 CVE-2021-4187 (vim is vulnerable to Use After Free ...)
-       - vim <unfixed>
+       - vim 2:8.2.3995-1
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <not-affected> (Vulnerable code introduced later)
        [stretch] - vim <not-affected> (Vulnerable code introduced later)
@@ -1372,7 +1372,7 @@ CVE-2018-25023 (An issue was discovered in the smallvec 
crate before 0.6.13 for
 CVE-2021-4174
        RESERVED
 CVE-2021-4173 (vim is vulnerable to Use After Free ...)
-       - vim <unfixed>
+       - vim 2:8.2.3995-1
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <not-affected> (Vulnerable code introduced later)
        [stretch] - vim <not-affected> (Vulnerable code introduced later)
@@ -1813,7 +1813,7 @@ CVE-2021-45476
 CVE-2021-45475
        RESERVED
 CVE-2021-4166 (vim is vulnerable to Out-of-bounds Read ...)
-       - vim <unfixed>
+       - vim 2:8.2.3995-1
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035
@@ -3317,7 +3317,7 @@ CVE-2021-44462
 CVE-2021-4137
        RESERVED
 CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...)
-       - vim <unfixed> (bug #1002534)
+       - vim 2:8.2.3995-1 (bug #1002534)
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <not-affected> (Vulnerable code introduced later)
        [stretch] - vim <not-affected> (Vulnerable code introduced later)
@@ -5152,7 +5152,7 @@ CVE-2021-4070
 CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on 
top of  ...)
        NOT-FOR-US: Apache Sling
 CVE-2021-4069 (vim is vulnerable to Use After Free ...)
-       - vim <unfixed>
+       - vim 2:8.2.3995-1
        NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/
        NOTE: 
https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 
(v8.2.3741)
 CVE-2021-44548 (An Improper Input Validation vulnerability in 
DataImportHandler of Apa ...)
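Review bot: CVE-2021-4069 moves from `<unfixed>` to fixed in unstable with no `[bullseye]` or `[buster]` line under it, so the stable releases are left without an explicit triage state. Suggest adding the per-release annotations in the same change (for example `[bullseye] - vim <no-dsa> (Minor issue)` if that is the assessment). The upstream commit NOTE also lacks the `Fixed by:` prefix used for CVE-2021-4193.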
@@ -6172,7 +6172,7 @@ CVE-2021-4020 (janus-gateway is vulnerable to Improper 
Neutralization of Input D
        NOTE: 
https://github.com/meetecho/janus-gateway/commit/ba166e9adebfe5343f826c6a9e02299d35414ffd
        NOTE: Issues only in janus-demos built from src:janus
 CVE-2021-4019 (vim is vulnerable to Heap-based Buffer Overflow ...)
-       - vim <unfixed>
+       - vim 2:8.2.3995-1
        NOTE: https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92
        NOTE: 
https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142 
(v8.2.3669)
 CVE-2021-44220
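Review bot: under CVE-2021-4019 the package line is followed directly by NOTE lines, with no `[bullseye]`, `[buster]` or `[stretch]` annotation. With unstable now marked fixed at `2:8.2.3995-1` and the upstream fix tagged v8.2.3669, the older releases need an explicit state (`<no-dsa>`, `<not-affected>`, or deliberately left open); add it here or say why it is deferred.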
@@ -6644,7 +6644,7 @@ CVE-2021-44041 (UiPath Assistant 21.4.4 will load and 
execute attacker controlle
 CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During 
Web Pa ...)
        NOT-FOR-US: kimai2
 CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow ...)
-       - vim <unfixed> (bug #1001896)
+       - vim 2:8.2.3995-1 (bug #1001896)
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a
@@ -6863,14 +6863,14 @@ CVE-2021-43961
 CVE-2021-43960
        RESERVED
 CVE-2021-3974 (vim is vulnerable to Use After Free ...)
-       - vim <unfixed> (bug #1001897)
+       - vim 2:8.2.3995-1 (bug #1001897)
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
        [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4
        NOTE: 
https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6 
(v8.2.3612)
 CVE-2021-3973 (vim is vulnerable to Heap-based Buffer Overflow ...)
-       - vim <unfixed> (bug #1001899)
+       - vim 2:8.2.3995-1 (bug #1001899)
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
        [stretch] - vim <no-dsa> (Minor issue)
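Review bot: style point on the CVE-2021-3974 context lines: the upstream commit is recorded as a bare `NOTE:` followed by the URL, while other entries in this file use the `NOTE: Fixed by:` form. Since the entry is being touched to record the fixed version, normalise the note so the commit and its v8.2.3612 tag read as the basis for `2:8.2.3995-1`.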
@@ -6885,7 +6885,7 @@ CVE-2021-3970
 CVE-2021-3969
        RESERVED
 CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...)
-       - vim <unfixed> (bug #1001900)
+       - vim 2:8.2.3995-1 (bug #1001900)
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
        [stretch] - vim <not-affected> (Vulnerable code not present)
@@ -9447,12 +9447,12 @@ CVE-2021-43359 (Sunnet eHRD has broken access control 
vulnerability, which allow
 CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in 
URLs, w ...)
        NOT-FOR-US: Sunnet eHRD
 CVE-2021-3928 (vim is vulnerable to Stack-based Buffer Overflow ...)
-       - vim <unfixed>
+       - vim 2:8.2.3995-1
        [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 
(v8.2.3582)
 CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...)
-       - vim <unfixed>
+       - vim 2:8.2.3995-1
        [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e 
(v8.2.3581)
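Review bot: CVE-2021-3928 and CVE-2021-3927 carry only a `[stretch]` annotation; no `[bullseye]` or `[buster]` line is visible between the package line and the NOTEs. Marking unstable fixed leaves those two releases with no recorded decision for fixes tagged v8.2.3582 and v8.2.3581, so add their triage lines or confirm they are intentionally left open.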



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28510af7315388e89006710f744326d54712d0da
