Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 70450616 by Moritz Muehlenhoff at 2022-11-23T12:29:05+01:00 bullseye triage - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -10,6 +10,7 @@ CVE-2022-4122 RESERVED CVE-2021-46854 (mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS ...) - proftpd-dfsg 1.3.7c+dfsg-1 + [bullseye] - proftpd-dfsg <no-dsa> (Minor issue) NOTE: https://github.com/proftpd/proftpd/issues/1284 NOTE: https://github.com/proftpd/proftpd/pull/1285 NOTE: Fixed by: https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43 (v1.3.8rc2) @@ -42870,10 +42871,10 @@ CVE-2022-1721 (Path Traversal in WellKnownServlet in GitHub repository jgraph/dr NOT-FOR-US: jgraph/drawio CVE-2022-1720 (Buffer Over-read in function grab_file_name in GitHub repository vim/v ...) {DLA-3182-1 DLA-3053-1} - - vim 2:9.0.0135-1 (bug #1015984) - [bullseye] - vim <no-dsa> (Minor issue) + - vim 2:9.0.0135-1 (bug #1015984; unimportant) NOTE: https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8 NOTE: https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c (v8.2.4956) + NOTE: Crash in CLI tool, no security impact CVE-2022-1719 (Reflected XSS on ticket filter function in GitHub repository polonel/t ...) NOT-FOR-US: Trudesk CVE-2022-1718 (The trudesk application allows large characters to insert in the input ...) 
@@ -44485,11 +44486,10 @@ CVE-2022-1622 (LibTIFF master branch has an out-of-bounds read in LZWDecode in l NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410 CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub repository vim ...) {DLA-3011-1} - - vim 2:9.0.0135-1 (bug #1015984) - [bullseye] - vim <no-dsa> (Minor issue) - [buster] - vim <no-dsa> (Minor issue) + - vim 2:9.0.0135-1 (bug #1015984; unimportant) NOTE: https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb NOTE: https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b (v8.2.4919) + NOTE: Crash in CLI tool, no security impact CVE-2018-25033 (ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_ ...) {DLA-3019-1} - admesh 0.98.4-2 (bug #1010770) @@ -44504,11 +44504,10 @@ CVE-2022-1620 (NULL Pointer Dereference in function vim_regexec_string at regexp NOTE: Crash in CLI tool, no security impact CVE-2022-1619 (Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub r ...) {DLA-3011-1} - - vim 2:9.0.0135-1 (bug #1015984) - [bullseye] - vim <no-dsa> (Minor issue) - [buster] - vim <no-dsa> (Minor issue) + - vim 2:9.0.0135-1 (bug #1015984; unimportant) NOTE: https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450 NOTE: https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe (v8.2.4899) + NOTE: Crash in CLI tool, no security impact CVE-2022-1618 RESERVED CVE-2022-1617 
@@ -46905,11 +46904,11 @@ CVE-2022-1422 (The Discy WordPress theme before 5.2 does not check for CSRF toke CVE-2022-1421 (The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX ac ...) NOT-FOR-US: WordPress theme CVE-2022-1420 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...) - - vim 2:8.2.4793-1 - [bullseye] - vim <no-dsa> (Minor issue) + - vim 2:8.2.4793-1 (unimportant) [buster] - vim <not-affected> (method call operator -> introduced in 8.1.1803) NOTE: https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326 NOTE: https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca (v8.2.4774) + NOTE: Crash in CLI tool, no security impact CVE-2021-46784 (In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due ...) {DSA-5171-1} - squid 5.6-1 @@ -51061,10 +51060,10 @@ CVE-2022-1155 (Old sessions are not blocked by the login enable function. in Git - snipe-it <itp> (bug #1005172) CVE-2022-1154 (Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8 ...) {DLA-3182-1 DLA-3011-1} - - vim 2:8.2.4659-1 - [bullseye] - vim <no-dsa> (Minor issue) + - vim 2:8.2.4659-1 (unimportant) NOTE: https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425 NOTE: https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5 (v8.2.4646) + NOTE: Crash in CLI tool, no security impact CVE-2022-1153 (The LayerSlider WordPress plugin before 7.1.2 does not sanitise and es ...) NOT-FOR-US: WordPress plugin CVE-2022-1152 (The Menubar WordPress plugin before 5.8 does not sanitise and escape t ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7045061679c18af52315a87c63b075f076a93abc
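Review bot: In the first hunk (CVE-2021-46854, proftpd-dfsg) the added `[bullseye] - proftpd-dfsg <no-dsa> (Minor issue)` line carries only the generic reason, while the entry describes a memory disclosure to RADIUS servers. If the reasoning is that only installations using mod_radius are exposed, putting that in the parentheses instead of "Minor issue" would let a later reader see why the fix was deferred without opening the linked upstream issue.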
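Review bot: In the CVE-2022-1720 hunk the entry now says `unimportant` and "no security impact" while the unchanged context line still lists `{DLA-3182-1 DLA-3053-1}`, so the record reads as both advisory-worthy and not a security issue. A second NOTE saying that the fix was shipped in those DLAs regardless, or that the classification was changed after they were released, would stop the next triager from reading this as an editing mistake.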
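Review bot: The CVE-2022-1621 hunk also deletes `[buster] - vim <no-dsa> (Minor issue)`, and the `unimportant` marker on the unversioned `- vim 2:9.0.0135-1` line applies to every suite, yet the commit message is only "bullseye triage". The same holds for the CVE-2022-1619 hunk. Mentioning in the commit message that the vim entries were reclassified as unimportant across suites would make the buster removal findable in the log.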
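Review bot: For CVE-2022-1619 the added `NOTE: Crash in CLI tool, no security impact` sits directly under a description that reads "Heap-based Buffer Overflow in function cmdline_erase_chars", and the identical sentence is reused for the over-read, out-of-range pointer offset and use-after-free entries in the other vim hunks. One per-CVE clause on why the overflow is limited to a crash, tied to the huntr report or upstream commit already linked in the entry, would make the downgrade from `<no-dsa>` auditable.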