Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1fa7e6b9 by Markus Koschany at 2022-06-20T11:05:51+02:00 Remove vim no-dsa tags and triage CVE for stretch - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -379,6 +379,7 @@ CVE-2022-33980 RESERVED CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...) - vim <unfixed> + [stretch] - vim <postponed> (Minor issue) NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352 NOTE: https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d (v8.2.5126) CVE-2022-2128 @@ -391,6 +392,7 @@ CVE-2022-2126 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ... NOTE: https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8 (v8.2.5123) CVE-2022-2125 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - vim <unfixed> + [stretch] - vim <postponed> (Minor issue) NOTE: https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705 NOTE: https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f (v8.2.5122) CVE-2022-2124 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...) @@ -3940,6 +3942,7 @@ CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. .. - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) + [stretch] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0 NOTE: https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5 (v8.2.5063) CVE-2022-1999 
@@ -4682,7 +4685,6 @@ CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) - [stretch] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b NOTE: https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895 (v8.2.5050) CVE-2022-1967 @@ -5946,7 +5948,6 @@ CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) - [stretch] - vim <postponed> (Minor issue) NOTE: https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea NOTE: https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a (v8.2.5024) CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...) @@ -6488,7 +6489,6 @@ CVE-2022-1851 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ... - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) - [stretch] - vim <postponed> (Minor issue, OOB read) NOTE: https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d NOTE: https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad (v8.2.5013) CVE-2022-1850 (Path Traversal in GitHub repository filegator/filegator prior to 7.8.0 ...) @@ -8316,7 +8316,6 @@ CVE-2022-1720 (Buffer Over-read in function grab_file_name in GitHub repository - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) - [stretch] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8 NOTE: https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c (v8.2.4956) CVE-2022-1719 (Reflected XSS on ticket filter function in GitHub repository polonel/t ...) 
@@ -19744,7 +19743,6 @@ CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim in GitHub repository vim - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) - [stretch] - vim <postponed> (Minor issue) NOTE: https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1 NOTE: https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3 (v8.2.4563) CVE-2022-26981 (Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in ...) @@ -28055,7 +28053,6 @@ CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2 - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) - [stretch] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a/ NOTE: https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a (v8.2.4245) CVE-2022-0416 @@ -47218,7 +47215,6 @@ CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...) - vim 2:8.2.3565-1 [bullseye] - vim <no-dsa> (Minor issue) [buster] - vim <no-dsa> (Minor issue) - [stretch] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8 NOTE: https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43 NOTE: PoC crashes starting with https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 (v8.2.0149) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fa7e6b9d34bbea6edfd67ada267ec082acd9e5a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fa7e6b9d34bbea6edfd67ada267ec082acd9e5a You're receiving this email because of your account on salsa.debian.org.
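Review bot: In the CVE-2022-2000 hunk (@@ -3940,6 +3942,7 @@) the added line is `[stretch] - vim <no-dsa> (Minor issue)`, which contradicts a commit subject that says the vim no-dsa tags are being removed. It also differs from the two other additions in this patch (CVE-2022-2129 and CVE-2022-2125), which both use `[stretch] - vim <postponed> (Minor issue)`. If stretch is meant to be triaged the same way for all three, use `<postponed>` here too. If the no-dsa is deliberate, give the reason in the commit message.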
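Review bot: The seven removal hunks (from @@ -4682,7 +4685,6 @@ onward) drop `<postponed>` entries as well as `<no-dsa>` ones: CVE-2022-1898, CVE-2022-1851 and CVE-2022-0943 were `[stretch] - vim <postponed>`, yet the subject names only no-dsa tags. No replacement line is added, so these CVEs are left with no stretch-specific status next to the `- vim <unfixed>`, `- vim 2:8.2.4659-1` or `- vim 2:8.2.3565-1` context lines. The commit message should say that this is intended and what happens to stretch next. The CVE-2022-1851 removal also discards the `OOB read` rationale, which is worth keeping in a NOTE line if it still applies.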
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits