Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 28510af7 by Salvatore Bonaccorso at 2022-01-04T06:28:12+01:00 Track several fixed CVEs for vim via unstable - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -572,13 +572,13 @@ CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege escalation CVE-2021-4194 RESERVED CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read ...) - - vim <unfixed> + - vim 2:8.2.3995-1 [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0 NOTE: Fixed by: https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b (v8.2.3950) CVE-2021-4192 (vim is vulnerable to Use After Free ...) - - vim <unfixed> + - vim 2:8.2.3995-1 [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22 @@ -808,7 +808,7 @@ CVE-2021-44775 CVE-2021-44465 RESERVED CVE-2021-4187 (vim is vulnerable to Use After Free ...) - - vim <unfixed> + - vim 2:8.2.3995-1 [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <not-affected> (Vulnerable code introduced later) [stretch] - vim <not-affected> (Vulnerable code introduced later) @@ -1372,7 +1372,7 @@ CVE-2018-25023 (An issue was discovered in the smallvec crate before 0.6.13 for CVE-2021-4174 RESERVED CVE-2021-4173 (vim is vulnerable to Use After Free ...) - - vim <unfixed> + - vim 2:8.2.3995-1 [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <not-affected> (Vulnerable code introduced later) [stretch] - vim <not-affected> (Vulnerable code introduced later) @@ -1813,7 +1813,7 @@ CVE-2021-45476 CVE-2021-45475 RESERVED CVE-2021-4166 (vim is vulnerable to Out-of-bounds Read ...) - - vim <unfixed> + - vim 2:8.2.3995-1 [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035 
@@ -3317,7 +3317,7 @@ CVE-2021-44462 CVE-2021-4137 RESERVED CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...) - - vim <unfixed> (bug #1002534) + - vim 2:8.2.3995-1 (bug #1002534) [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <not-affected> (Vulnerable code introduced later) [stretch] - vim <not-affected> (Vulnerable code introduced later) @@ -5152,7 +5152,7 @@ CVE-2021-4070 CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on top of ...) NOT-FOR-US: Apache Sling CVE-2021-4069 (vim is vulnerable to Use After Free ...) - - vim <unfixed> + - vim 2:8.2.3995-1 NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/ NOTE: https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 (v8.2.3741) CVE-2021-44548 (An Improper Input Validation vulnerability in DataImportHandler of Apa ...) @@ -6172,7 +6172,7 @@ CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input D NOTE: https://github.com/meetecho/janus-gateway/commit/ba166e9adebfe5343f826c6a9e02299d35414ffd NOTE: Issues only in janus-demos built from src:janus CVE-2021-4019 (vim is vulnerable to Heap-based Buffer Overflow ...) - - vim <unfixed> + - vim 2:8.2.3995-1 NOTE: https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92 NOTE: https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142 (v8.2.3669) CVE-2021-44220 @@ -6644,7 +6644,7 @@ CVE-2021-44041 (UiPath Assistant 21.4.4 will load and execute attacker controlle CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...) NOT-FOR-US: kimai2 CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow ...) - - vim <unfixed> (bug #1001896) + - vim 2:8.2.3995-1 (bug #1001896) [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a 
@@ -6863,14 +6863,14 @@ CVE-2021-43961 CVE-2021-43960 RESERVED CVE-2021-3974 (vim is vulnerable to Use After Free ...) - - vim <unfixed> (bug #1001897) + - vim 2:8.2.3995-1 (bug #1001897) [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) [stretch] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4 NOTE: https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6 (v8.2.3612) CVE-2021-3973 (vim is vulnerable to Heap-based Buffer Overflow ...) - - vim <unfixed> (bug #1001899) + - vim 2:8.2.3995-1 (bug #1001899) [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) [stretch] - vim <no-dsa> (Minor issue) @@ -6885,7 +6885,7 @@ CVE-2021-3970 CVE-2021-3969 RESERVED CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...) - - vim <unfixed> (bug #1001900) + - vim 2:8.2.3995-1 (bug #1001900) [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) [stretch] - vim <not-affected> (Vulnerable code not present) 
@@ -9447,12 +9447,12 @@ CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allow CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in URLs, w ...) NOT-FOR-US: Sunnet eHRD CVE-2021-3928 (vim is vulnerable to Stack-based Buffer Overflow ...) - - vim <unfixed> + - vim 2:8.2.3995-1 [stretch] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd NOTE: Fixed by: https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 (v8.2.3582) CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...) - - vim <unfixed> + - vim 2:8.2.3995-1 [stretch] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0 NOTE: Fixed by: https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e (v8.2.3581)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28510af7315388e89006710f744326d54712d0da
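Review bot: CVE-2021-4069 (hunk at -5152) and CVE-2021-4019 (hunk at -6172) end up with only the unstable line "- vim 2:8.2.3995-1" and no [bullseye], [buster] or [stretch] line in the visible entry, and CVE-2021-3928 and CVE-2021-3927 (hunk at -9447) annotate [stretch] only. Every other vim entry touched by this commit carries a per-release <no-dsa> or <not-affected> line, so these four are left without an explicit triage decision for the remaining releases. If they are meant to get the same "Minor issue" handling, add the matching per-release lines in this commit or a follow-up.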
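Review bot: only six of the fourteen entries changed here show an upstream patch level in the visible context (v8.2.3950, v8.2.3741, v8.2.3669, v8.2.3612, v8.2.3582, v8.2.3581, all at or below 3995), so for CVE-2021-4192, CVE-2021-4187, CVE-2021-4173, CVE-2021-4166, CVE-2021-4136, CVE-2021-3984, CVE-2021-3973 and CVE-2021-3968 the claim that 2:8.2.3995-1 contains the fix cannot be checked from the diff. Confirm each of those entries has a NOTE naming the upstream commit and patch level, and add one where it is missing. The existing NOTE lines are also inconsistent: CVE-2021-4193, CVE-2021-3928 and CVE-2021-3927 use "NOTE: Fixed by: <url> (version)", while CVE-2021-4069, CVE-2021-4019 and CVE-2021-3974 give the bare commit URL. Settling on the "Fixed by:" form would make the entries easier to grep.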
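Review bot: the commit message "Track several fixed CVEs for vim via unstable" does not name the upload, although all fourteen changed lines record the same version, 2:8.2.3995-1. Putting that version in the subject would let someone reading the log match this commit to the upload without opening the diff.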