Helmut Grohne pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c56dcc47 by Helmut Grohne at 2022-11-24T10:17:12+01:00
Reserve DLA-3204-1 for vim
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -38291,7 +38291,6 @@ CVE-2022-29890 (In affected versions of Octopus Server
the help sidebar can be c
CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
...)
- vim 2:9.0.0135-1 (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
- [buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0
NOTE:
https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5
(v8.2.5063)
@@ -40093,7 +40092,6 @@ CVE-2022-1943 (A flaw out of bounds memory write in the
Linux kernel UDF file sy
CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 8.2. ...)
- vim 2:9.0.0135-1 (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
- [buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071
NOTE:
https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d
(v8.2.5043)
@@ -40507,7 +40505,6 @@ CVE-2022-1898 (Use After Free in GitHub repository
vim/vim prior to 8.2. ...)
CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
...)
- vim 2:9.0.0135-1 (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
- [buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <postponed> (Minor issue)
NOTE: https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118
NOTE:
https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a
(v8.2.5023)
@@ -42683,7 +42680,6 @@ CVE-2022-1786 (A use-after-free flaw was found in the
Linux kernel’s io_ur
CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to
8.2.4977. ...)
- vim 2:9.0.0135-1 (bug #1015984)
[bullseye] - vim <no-dsa> (Minor issue)
- [buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109
NOTE:
https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839
(v8.2.4977)
@@ -63500,7 +63496,6 @@ CVE-2022-21154 (An integer overflow vulnerability
exists in the fltSaveCMP funct
CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to
8.2. ...)
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
- [buster] - vim <no-dsa> (Minor issue)
[stretch] - vim <not-affected> (vulnerable code was introduced later)
NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126
NOTE:
https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a
(v8.2.4218)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 Nov 2022] DLA-3204-1 vim - security update
+ {CVE-2022-0318 CVE-2022-0392 CVE-2022-0629 CVE-2022-0696 CVE-2022-1619
CVE-2022-1621 CVE-2022-1785 CVE-2022-1897 CVE-2022-1942 CVE-2022-2000
CVE-2022-2129 CVE-2022-3235 CVE-2022-3256 CVE-2022-3352}
+ [buster] - vim 2:8.1.0875-5+deb10u4
[23 Nov 2022] DLA-3203-1 nginx - security update
{CVE-2021-3618 CVE-2022-41741 CVE-2022-41742}
[buster] - nginx 1.14.2-2+deb10u5
=====================================
data/dla-needed.txt
=====================================
@@ -339,10 +339,6 @@ varnish
NOTE: 20221109: Programming language: C.
NOTE: 20221109: First DLA, 3 minor CVEs to fix (Beuc/front-desk)
--
-vim (Helmut)
- NOTE: 20221108: Programming language: C.
- NOTE: 20221108: VCS: https://salsa.debian.org/lts-team/packages/vim.git
---
virglrenderer (Thorsten Alteholz)
NOTE: 20221009: Programming language: C.
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c56dcc47493e0659506a4d7cc7f5ff079beac948
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c56dcc47493e0659506a4d7cc7f5ff079beac948
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
