[Git][security-tracker-team/security-tracker][master] Track fixed version for vim via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 4 20:02:17 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5671556 by Salvatore Bonaccorso at 2022-04-04T21:01:06+02:00
Track fixed version for vim via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1158,7 +1158,7 @@ CVE-2022-1156
 CVE-2022-1155 (Old sessions are not blocked by the login enable function. in GitHub r ...)
 	NOT-FOR-US: snipe-it
 CVE-2022-1154 (Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8 ...)
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <postponed> (Minor issue, use-after-free in malicious command file)
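Review bot: the new "- vim 2:8.2.4659-1" line for CVE-2022-1154 cannot be checked against upstream from this entry, because the description is cut at "prior to 8 ..." and no NOTE in the visible context names the upstream fix commit or patch level. Adding a NOTE with the upstream commit and its v8.2.x tag, as the CVE-2022-0408 and CVE-2022-0319 entries further down do, would let a reader confirm that 8.2.4659 is at or above the fixing patch.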
@@ -4287,7 +4287,7 @@ CVE-2022-0945 (Stored XSS viva axd and cshtml file upload in star7th/showdoc in
 CVE-2022-0944 (Template injection in connection test endpoint leads to RCE in GitHub  ...)
 	NOT-FOR-US: sqlpad
 CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim  ...)
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <postponed> (Minor issue)
@@ -7756,7 +7756,7 @@ CVE-2022-0730 (Under certain ldap conditions, Cacti authentication can be bypass
 	NOTE: https://github.com/Cacti/cacti/commit/0bb77ee9b4d1c7a99e0140b88789e050e523e628 (1.2.x)
 CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior  ...)
 	{DLA-2947-1}
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea
@@ -7864,7 +7864,7 @@ CVE-2022-0715 (A CWE-287: Improper Authentication vulnerability exists that coul
 	NOT-FOR-US: Schneider Electric
 CVE-2022-0714 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4 ...)
 	{DLA-2947-1}
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/db70e8db-f309-4f3c-986c-e69d2415c3b3
@@ -8444,7 +8444,7 @@ CVE-2022-0698
 CVE-2022-0697 (Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. ...)
 	NOT-FOR-US: Archivy
 CVE-2022-0696 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.442 ...)
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <no-dsa> (Minor issue)
@@ -8493,7 +8493,7 @@ CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM url-parse
 	NOTE: https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5 (1.5.8)
 CVE-2022-0685 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior  ...)
 	{DLA-2947-1}
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782
@@ -8967,7 +8967,7 @@ CVE-2022-0630 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
 	NOTE: https://huntr.dev/bounties/f7cdd680-1a7f-4992-b4b8-44b5e4ba3e32
 	NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad
 CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <postponed> (Minor issue)
@@ -9779,7 +9779,7 @@ CVE-2022-0574
 CVE-2022-0573
 	RESERVED
 CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <postponed> (Fix introduces a test regression)
@@ -10500,7 +10500,7 @@ CVE-2022-0555
 	RESERVED
 CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior  ...)
 	{DLA-2947-1}
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71/
@@ -11819,7 +11819,7 @@ CVE-2022-0445 (The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Coo
 CVE-2022-0444
 	RESERVED
 CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <postponed> (Minor issue)
@@ -12283,7 +12283,7 @@ CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p
 CVE-2022-0418
 	RESERVED
 CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. ...)
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <no-dsa> (Minor issue)
@@ -12347,7 +12347,7 @@ CVE-2021-46657 (get_sort_by_table in MariaDB before 10.6.2 allows an application
 CVE-2022-0414 (Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. ...)
 	- dolibarr <removed>
 CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <postponed> (Fix introduces a test regression)
@@ -12386,13 +12386,13 @@ CVE-2022-0409 (Unrestricted Upload of File with Dangerous Type in Packagist show
 	NOT-FOR-US: ShowDoc
 CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
 	{DLA-2947-1}
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d
 	NOTE: https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31 (v8.2.4247)
 CVE-2022-0407 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <not-affected> (vulnerable code is not present)
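Review bot: for CVE-2022-0408 the NOTE gives the upstream fix as v8.2.4247, while the fixed version recorded is 2:8.2.4659-1, several hundred patch levels later. That is right if 2:8.2.4659-1 is the first unstable upload at or above 8.2.4247; if an earlier upload already carried the patch, the entry should name that version instead so the tracker does not report already-fixed package versions as vulnerable. CVE-2022-0407 in the same hunk has no upstream NOTE in view, so the same check cannot be made for it.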
@@ -12547,7 +12547,7 @@ CVE-2022-0395 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelpe
 CVE-2022-0394 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
 	NOT-FOR-US: livehelperchat
 CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <not-affected> (vulnerable code is not present)
@@ -12647,7 +12647,7 @@ CVE-2022-21798 (The affected product is vulnerable due to cleartext transmission
 CVE-2022-21154
 	RESERVED
 CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. ...)
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <not-affected> (vulnerable code was introduced later)
@@ -13149,7 +13149,7 @@ CVE-2022-21184
 	RESERVED
 CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
 	{DLA-2947-1}
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9/
@@ -13168,7 +13168,7 @@ CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3. ...)
 	NOT-FOR-US: ShowDoc
 CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
 	{DLA-2947-1}
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b
@@ -13177,7 +13177,7 @@ CVE-2022-0360 (The Easy Drag And drop All Import : WP Ultimate CSV Importer Word
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
 	{DLA-2947-1}
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def
@@ -13379,7 +13379,7 @@ CVE-2022-23865
 CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6 ...)
 	NOT-FOR-US: calibre-web
 CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub repository  ...)
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <postponed> (Fix introduces a test regression)
@@ -14041,13 +14041,13 @@ CVE-2022-0320 (The Essential Addons for Elementor WordPress plugin before 5.0.5
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to 8.2. ...)
 	{DLA-2947-1}
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b
 	NOTE: https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9 (v8.2.4154)
 CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...)
-	- vim <unfixed> (bug #1004859)
+	- vim 2:8.2.4659-1 (bug #1004859)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <postponed> (Fix introduces a test regression)
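Review bot: the CVE-2022-0318 line keeps "(bug #1004859)" next to the new fixed version, so the tracker and the BTS now both carry a state for this issue. Worth confirming that #1004859 is closed with, or marked fixed in, 2:8.2.4659-1; otherwise the bug stays open against a package the tracker reports as fixed.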
@@ -15549,7 +15549,7 @@ CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimc
 CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
 	NOT-FOR-US: pimcore
 CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <postponed> (Fix introduces a test regression)
@@ -15946,7 +15946,7 @@ CVE-2022-0214 (The Popup | Custom Popup Builder WordPress plugin before 1.3.1 au
 	NOT-FOR-US: WordPress plugin
 CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...)
 	{DLA-2947-1}
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed
@@ -17253,7 +17253,7 @@ CVE-2021-23154 (In Lens prior to 5.3.4, custom helm chart configuration creates
 CVE-2022-0159 (orchardcore is vulnerable to Improper Neutralization of Input During W ...)
 	NOT-FOR-US: orchardcore
 CVE-2022-0158 (vim is vulnerable to Heap-based Buffer Overflow ...)
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <not-affected> (vulnerable code was introduced later)
@@ -17320,7 +17320,7 @@ CVE-2021-46164 (Zoho ManageEngine Desktop Central before 10.0.662 allows remote
 CVE-2021-46163 (Kentico Xperience 13.0.44 allows XSS via an XML document to the Media  ...)
 	NOT-FOR-US: Kentico Xperience CMS
 CVE-2022-0156 (vim is vulnerable to Use After Free ...)
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <no-dsa> (Minor issue)
@@ -17975,7 +17975,7 @@ CVE-2022-22678
 CVE-2022-0129 (Uncontrolled search path element vulnerability in McAfee TechCheck pri ...)
 	NOT-FOR-US: McAfee
 CVE-2022-0128 (vim is vulnerable to Out-of-bounds Read ...)
-	- vim <unfixed>
+	- vim 2:8.2.4659-1
 	[bullseye] - vim <not-affected> (Vulnerable code introduced later)
 	[buster] - vim <not-affected> (Vulnerable code introduced later)
 	[stretch] - vim <not-affected> (Vulnerable code introduced later)
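Review bot: for CVE-2022-0128 all three suite lines in the context say "<not-affected> (Vulnerable code introduced later)", but nothing visible records which upstream patch introduced the code, so the claim cannot be checked against the suite versions. Now that the unstable line carries a concrete version, a NOTE naming the introducing commit or patch level would bound the affected range on both ends. Minor style point: other entries in this file write the reason in lower case ("vulnerable code was introduced later").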



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5671556f5c83fdf9f39801999d8febac301ca62
