Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker
Commits: c56dcc47 by Helmut Grohne at 2022-11-24T10:17:12+01:00 Reserve DLA-3204-1 for vim - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -38291,7 +38291,6 @@ CVE-2022-29890 (In affected versions of Octopus Server the help sidebar can be c CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...) - vim 2:9.0.0135-1 (bug #1015984) [bullseye] - vim <no-dsa> (Minor issue) - [buster] - vim <no-dsa> (Minor issue) [stretch] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0 NOTE: https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5 (v8.2.5063) @@ -40093,7 +40092,6 @@ CVE-2022-1943 (A flaw out of bounds memory write in the Linux kernel UDF file sy CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - vim 2:9.0.0135-1 (bug #1015984) [bullseye] - vim <no-dsa> (Minor issue) - [buster] - vim <no-dsa> (Minor issue) [stretch] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071 NOTE: https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d (v8.2.5043) @@ -40507,7 +40505,6 @@ CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...) CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...) - vim 2:9.0.0135-1 (bug #1015984) [bullseye] - vim <no-dsa> (Minor issue) - [buster] - vim <no-dsa> (Minor issue) [stretch] - vim <postponed> (Minor issue) NOTE: https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118 NOTE: https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a (v8.2.5023) @@ -42683,7 +42680,6 @@ CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel’s io_ur CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. ...) - vim 2:9.0.0135-1 (bug #1015984) [bullseye] - vim <no-dsa> (Minor issue) - [buster] - vim <no-dsa> (Minor issue) [stretch] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109 NOTE: https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839 (v8.2.4977) @@ -63500,7 +63496,6 @@ CVE-2022-21154 (An integer overflow vulnerability exists in the fltSaveCMP funct CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. ...) - vim 2:8.2.4659-1 [bullseye] - vim <no-dsa> (Minor issue) - [buster] - vim <no-dsa> (Minor issue) [stretch] - vim <not-affected> (vulnerable code was introduced later) NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126 NOTE: https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a (v8.2.4218) ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[24 Nov 2022] DLA-3204-1 vim - security update + {CVE-2022-0318 CVE-2022-0392 CVE-2022-0629 CVE-2022-0696 CVE-2022-1619 CVE-2022-1621 CVE-2022-1785 CVE-2022-1897 CVE-2022-1942 CVE-2022-2000 CVE-2022-2129 CVE-2022-3235 CVE-2022-3256 CVE-2022-3352} + [buster] - vim 2:8.1.0875-5+deb10u4 [23 Nov 2022] DLA-3203-1 nginx - security update {CVE-2021-3618 CVE-2022-41741 CVE-2022-41742} [buster] - nginx 1.14.2-2+deb10u5 ===================================== data/dla-needed.txt ===================================== @@ -339,10 +339,6 @@ varnish NOTE: 20221109: Programming language: C. NOTE: 20221109: First DLA, 3 minor CVEs to fix (Beuc/front-desk) -- -vim (Helmut) - NOTE: 20221108: Programming language: C. - NOTE: 20221108: VCS: https://salsa.debian.org/lts-team/packages/vim.git --- virglrenderer (Thorsten Alteholz) NOTE: 20221009: Programming language: C. -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c56dcc47493e0659506a4d7cc7f5ff079beac948 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c56dcc47493e0659506a4d7cc7f5ff079beac948 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits