Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70450616 by Moritz Muehlenhoff at 2022-11-23T12:29:05+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10,6 +10,7 @@ CVE-2022-4122
        RESERVED
 CVE-2021-46854 (mod_radius in ProFTPD before 1.3.7c allows memory disclosure 
to RADIUS ...)
        - proftpd-dfsg 1.3.7c+dfsg-1
+       [bullseye] - proftpd-dfsg <no-dsa> (Minor issue)
        NOTE: https://github.com/proftpd/proftpd/issues/1284
        NOTE: https://github.com/proftpd/proftpd/pull/1285
        NOTE: Fixed by: 
https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43
 (v1.3.8rc2)
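Review bot: the added `[bullseye] - proftpd-dfsg <no-dsa> (Minor issue)` line gives no reason why a memory disclosure in mod_radius counts as minor. A more specific reason in the parentheses, or one extra NOTE line, would let the decision be re-evaluated later without rereading the upstream issue.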
@@ -42870,10 +42871,10 @@ CVE-2022-1721 (Path Traversal in WellKnownServlet in 
GitHub repository jgraph/dr
        NOT-FOR-US: jgraph/drawio
 CVE-2022-1720 (Buffer Over-read in function grab_file_name in GitHub 
repository vim/v ...)
        {DLA-3182-1 DLA-3053-1}
-       - vim 2:9.0.0135-1 (bug #1015984)
-       [bullseye] - vim <no-dsa> (Minor issue)
+       - vim 2:9.0.0135-1 (bug #1015984; unimportant)
        NOTE: https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8
        NOTE: 
https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c 
(v8.2.4956)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-1719 (Reflected XSS on ticket filter function in GitHub repository 
polonel/t ...)
        NOT-FOR-US: Trudesk
 CVE-2022-1718 (The trudesk application allows large characters to insert in 
the input ...)
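Review bot: CVE-2022-1720 keeps its `{DLA-3182-1 DLA-3053-1}` tag while the new NOTE says "no security impact", so the entry now reads both as fixed through advisories and as not a security issue. A short NOTE stating that the DLAs were issued before this reassessment would make the record self-consistent.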
@@ -44485,11 +44486,10 @@ CVE-2022-1622 (LibTIFF master branch has an 
out-of-bounds read in LZWDecode in l
        NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
 CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub 
repository vim ...)
        {DLA-3011-1}
-       - vim 2:9.0.0135-1 (bug #1015984)
-       [bullseye] - vim <no-dsa> (Minor issue)
-       [buster] - vim <no-dsa> (Minor issue)
+       - vim 2:9.0.0135-1 (bug #1015984; unimportant)
        NOTE: https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb
        NOTE: 
https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b 
(v8.2.4919)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2018-25033 (ADMesh through 0.98.4 has a heap-based buffer over-read in 
stl_update_ ...)
        {DLA-3019-1}
        - admesh 0.98.4-2 (bug #1010770)
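Review bot: the new NOTE on CVE-2022-1621 says "Crash in CLI tool", but the entry's own description is a heap buffer overflow in vim_strncpy, which is an out-of-bounds write rather than a plain crash. State the actual basis for the unimportant rating in the NOTE so it does not look like the bug class was misread.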
@@ -44504,11 +44504,10 @@ CVE-2022-1620 (NULL Pointer Dereference in function 
vim_regexec_string at regexp
        NOTE: Crash in CLI tool, no security impact
 CVE-2022-1619 (Heap-based Buffer Overflow in function cmdline_erase_chars in 
GitHub r ...)
        {DLA-3011-1}
-       - vim 2:9.0.0135-1 (bug #1015984)
-       [bullseye] - vim <no-dsa> (Minor issue)
-       [buster] - vim <no-dsa> (Minor issue)
+       - vim 2:9.0.0135-1 (bug #1015984; unimportant)
        NOTE: https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450
        NOTE: 
https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe 
(v8.2.4899)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-1618
        RESERVED
 CVE-2022-1617
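Review bot: this hunk also drops the `[buster] - vim <no-dsa> (Minor issue)` line for CVE-2022-1619, which the commit subject "bullseye triage" does not cover. Mention the buster change in the commit message, or split it into its own commit, so the buster history stays searchable.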
@@ -46905,11 +46904,11 @@ CVE-2022-1422 (The Discy WordPress theme before 5.2 
does not check for CSRF toke
 CVE-2022-1421 (The Discy WordPress theme before 5.2 lacks CSRF checks in some 
AJAX ac ...)
        NOT-FOR-US: WordPress theme
 CVE-2022-1420 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim 
prior  ...)
-       - vim 2:8.2.4793-1
-       [bullseye] - vim <no-dsa> (Minor issue)
+       - vim 2:8.2.4793-1 (unimportant)
        [buster] - vim <not-affected> (method call operator -> introduced in 
8.1.1803)
        NOTE: https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326
        NOTE: 
https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca 
(v8.2.4774)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2021-46784 (In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 
5.6, due ...)
        {DSA-5171-1}
        - squid 5.6-1
@@ -51061,10 +51060,10 @@ CVE-2022-1155 (Old sessions are not blocked by the 
login enable function. in Git
        - snipe-it <itp> (bug #1005172)
 CVE-2022-1154 (Use after free in utf_ptr2char in GitHub repository vim/vim 
prior to 8 ...)
        {DLA-3182-1 DLA-3011-1}
-       - vim 2:8.2.4659-1
-       [bullseye] - vim <no-dsa> (Minor issue)
+       - vim 2:8.2.4659-1 (unimportant)
        NOTE: https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425
        NOTE: 
https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5 
(v8.2.4646)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-1153 (The LayerSlider WordPress plugin before 7.1.2 does not sanitise 
and es ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-1152 (The Menubar WordPress plugin before 5.8 does not sanitise and 
escape t ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7045061679c18af52315a87c63b075f076a93abc
