[Git][security-tracker-team/security-tracker][master] Add some new CVEs for vim

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 1 21:23:00 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1047a316 by Salvatore Bonaccorso at 2022-08-01T22:22:24+02:00
Add some new CVEs for vim

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,7 +15,9 @@ CVE-2022-2600
 CVE-2022-2599
 	RESERVED
 CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository vim/vim prior ...)
-	TODO: check
+	- vim <unfixed>
+	NOTE: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/
+	NOTE: https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d (v9.0.0101)
 CVE-2022-2597
 	RESERVED
 CVE-2022-2596 (Denial of Service in GitHub repository node-fetch/node-fetch prior to  ...)
@@ -639,9 +641,14 @@ CVE-2022-37022
 CVE-2022-37021
 	RESERVED
 CVE-2022-2581 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. ...)
-	TODO: check
+	- vim <unfixed> (unimportant)
+	NOTE: https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b/
+	NOTE: https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88 (v9.0.0105)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2580 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
-	TODO: check
+	- vim <unfixed>
+	NOTE: https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249/
+	NOTE: https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d (v9.0.0104)
 CVE-2022-2579 (A vulnerability, which was classified as problematic, was found in Sou ...)
 	NOT-FOR-US: SourceCodester
 CVE-2022-2578 (A vulnerability, which was classified as critical, has been found in S ...)
@@ -693,7 +700,9 @@ CVE-2022-37014
 CVE-2022-2572
 	RESERVED
 CVE-2022-2571 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
-	TODO: check
+	- vim <unfixed>
+	NOTE: https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571/
+	NOTE: https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614 (v9.0.0102)
 CVE-2022-2570
 	RESERVED
 CVE-2022-37013



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1047a316bd3d5277501b442862b9e20632d95f39

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1047a316bd3d5277501b442862b9e20632d95f39
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220801/b22d4d79/attachment.htm>

More information about the debian-security-tracker-commits mailing list