Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1fa7e6b9 by Markus Koschany at 2022-06-20T11:05:51+02:00
Remove vim no-dsa tags and triage CVE for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -379,6 +379,7 @@ CVE-2022-33980
        RESERVED
 CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 
...)
        - vim <unfixed>
+       [stretch] - vim <postponed> (Minor issue)
        NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352
        NOTE: 
https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d 
(v8.2.5126)
 CVE-2022-2128
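
Review bot: the reason on the new stretch line for CVE-2022-2129, "(Minor issue)", does not say why an out-of-bounds write is considered minor for stretch. A more specific reason in the parentheses, in the style of the "(Minor issue, OOB read)" annotation that this same commit removes from CVE-2022-1851, would let a later triager see what the postponement was based on without reopening the huntr report.
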
@@ -391,6 +392,7 @@ CVE-2022-2126 (Out-of-bounds Read in GitHub repository 
vim/vim prior to 8.2. ...
        NOTE: 
https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8 
(v8.2.5123)
 CVE-2022-2125 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
        - vim <unfixed>
+       [stretch] - vim <postponed> (Minor issue)
        NOTE: https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705
        NOTE: 
https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f 
(v8.2.5122)
 CVE-2022-2124 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
@@ -3940,6 +3942,7 @@ CVE-2022-2000 (Out-of-bounds Write in GitHub repository 
vim/vim prior to 8.2. ..
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
+       [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0
        NOTE: 
https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5 
(v8.2.5063)
 CVE-2022-1999
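
Review bot: the added line "[stretch] - vim <no-dsa> (Minor issue)" under CVE-2022-2000 conflicts with the commit subject "Remove vim no-dsa tags", and with the other two stretch lines added in this commit (CVE-2022-2129 and CVE-2022-2125), which both use <postponed>. If stretch is meant to be handled the same way for all three, this should be <postponed> as well; if <no-dsa> is intended here, the commit message should say why this CVE is treated differently.
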
@@ -4682,7 +4685,6 @@ CVE-2022-1968 (Use After Free in GitHub repository 
vim/vim prior to 8.2. ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
-       [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b
        NOTE: 
https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895 
(v8.2.5050)
 CVE-2022-1967
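
Review bot: dropping "[stretch] - vim <no-dsa> (Minor issue)" from CVE-2022-1968 leaves the entry with "- vim <unfixed>" and no stretch-specific status, so stretch goes back to being an open, untriaged item for this CVE. The commit message has no body explaining the reason for the removal; a line stating what is planned for stretch would make this hunk, and the identical removals for CVE-2022-1720, CVE-2022-0417 and CVE-2021-3903, reviewable from the log alone.
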
@@ -5946,7 +5948,6 @@ CVE-2022-1898 (Use After Free in GitHub repository 
vim/vim prior to 8.2. ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
-       [stretch] - vim <postponed> (Minor issue)
        NOTE: https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea
        NOTE: 
https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a 
(v8.2.5024)
 CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 
...)
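
Review bot: the line removed from CVE-2022-1898 is "[stretch] - vim <postponed> (Minor issue)", not a <no-dsa> tag, so the subject "Remove vim no-dsa tags" does not describe this hunk. The same holds for the <postponed> removals at CVE-2022-1851 and CVE-2022-0943. Suggest wording the subject to cover both tag types, since someone searching the history for changes to postponed entries would not find this commit by its message.
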
@@ -6488,7 +6489,6 @@ CVE-2022-1851 (Out-of-bounds Read in GitHub repository 
vim/vim prior to 8.2. ...
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
-       [stretch] - vim <postponed> (Minor issue, OOB read)
        NOTE: https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d
        NOTE: 
https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad 
(v8.2.5013)
 CVE-2022-1850 (Path Traversal in GitHub repository filegator/filegator prior 
to 7.8.0 ...)
@@ -8316,7 +8316,6 @@ CVE-2022-1720 (Buffer Over-read in function 
grab_file_name in GitHub repository
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
-       [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8
        NOTE: 
https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c 
(v8.2.4956)
 CVE-2022-1719 (Reflected XSS on ticket filter function in GitHub repository 
polonel/t ...)
@@ -19744,7 +19743,6 @@ CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim 
in GitHub repository vim
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
-       [stretch] - vim <postponed> (Minor issue)
        NOTE: https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1
        NOTE: 
https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3 
(v8.2.4563)
 CVE-2022-26981 (Liblouis through 3.21.0 has a buffer overflow in 
compilePassOpcode in  ...)
@@ -28055,7 +28053,6 @@ CVE-2022-0417 (Heap-based Buffer Overflow GitHub 
repository vim/vim prior to 8.2
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
-       [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a/
        NOTE: 
https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a 
(v8.2.4245)
 CVE-2022-0416
@@ -47218,7 +47215,6 @@ CVE-2021-3903 (vim is vulnerable to Heap-based Buffer 
Overflow ...)
        - vim 2:8.2.3565-1
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
-       [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
        NOTE: 
https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
        NOTE: PoC crashes starting with 
https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 
(v8.2.0149)
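
Review bot: for CVE-2021-3903 the context NOTE says "PoC crashes starting with" upstream commit 8a7d6542b33e (v8.2.0149), which suggests the flaw may not be reachable in vim versions older than that commit. Before removing the stretch <no-dsa> line outright, it is worth checking whether the stretch version predates that commit; if it does, replacing the line with a "[stretch] - vim <not-affected>" entry and a short reason would record the result instead of leaving stretch without any status.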



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fa7e6b9d34bbea6edfd67ada267ec082acd9e5a


_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
