[Git][security-tracker-team/security-tracker][master] Several vim issues fixed in unstable upload

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 4 05:31:05 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f79bd720 by Salvatore Bonaccorso at 2022-08-04T06:30:34+02:00
Several vim issues fixed in unstable upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2362,7 +2362,7 @@ CVE-2022-34147
 CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
 	NOT-FOR-US: Roxy-WI
 CVE-2022-2522 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
-	- vim <unfixed> (bug #1016068)
+	- vim 2:9.0.0135-1 (bug #1016068)
 	NOTE: https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22
 	NOTE: https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089 (v9.0.0061)
 CVE-2022-2521
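Review bot: the added line for CVE-2022-2522 cites bug #1016068, while every other vim entry touched in this commit cites #1015984, so confirm that the 2:9.0.0135-1 upload closes #1016068 as well. The version itself is consistent with the NOTE below it, which places the upstream fix at v9.0.0061.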
@@ -5963,7 +5963,7 @@ CVE-2022-2306 (Old session tokens can be used to authenticate to the application
 CVE-2022-2305 (The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2304 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a/
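Review bot: for CVE-2022-2304 these lines do not show which 9.0 patch level carries the fix: the description is cut off at "prior to 9.0." and no upstream commit NOTE falls inside the context, so 2:9.0.0135-1 cannot be checked against it here. Confirm the patch level from the entry's remaining NOTE lines; the same applies to CVE-2022-2285 two hunks further down, where the description is cut at "prior to 9".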
@@ -6036,7 +6036,7 @@ CVE-2022-2289 (Use After Free in GitHub repository vim/vim prior to 9.0. ...)
 	NOTE: https://github.com/vim/vim/commit/c5274dd12224421f2430b30c53b881b9403d649e (v9.0.0026)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2288 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. ...)
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	NOTE: https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad/
 	NOTE: https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a (v9.0.0025)
 CVE-2022-34910
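Review bot: CVE-2022-2288 has no [bullseye] or [buster] line, unlike CVE-2022-2304 and CVE-2022-2285 in the neighbouring hunks, which both carry "<no-dsa> (Minor issue)". Now that unstable has a fixed version, an Out-of-bounds Write with no recorded triage decision for the other suites stands out; add the suite annotations or confirm the omission is intended. CVE-2022-2522 and CVE-2022-2207 show the same gap.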
@@ -6101,7 +6101,7 @@ CVE-2022-34895
 CVE-2022-34894 (In JetBrains Hub before 2022.2.14799, insufficient access control allo ...)
 	NOT-FOR-US: JetBrains Hub
 CVE-2022-2285 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736/
@@ -7214,7 +7214,7 @@ CVE-2022-2208 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.
 	NOTE: https://github.com/vim/vim/commit/cd38bb4d83c942c4bad596835c6766cbf32e5195 (v8.2.5163)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2207 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	NOTE: https://huntr.dev/bounties/05bc6051-4dc3-483b-ae56-cf23346b97b9
 	NOTE: https://github.com/vim/vim/commit/0971c7a4e537ea120a6bb2195960be8d0815e97b (v8.2.5162)
 CVE-2022-34493
@@ -8630,7 +8630,7 @@ CVE-2022-33980 (Apache Commons Configuration performs variable interpolation, al
 	- commons-configuration2 2.8.0-1 (bug #1014960)
 	NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/5
 CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	[stretch] - vim <postponed> (Minor issue)
 	NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352
 	NOTE: https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d (v8.2.5126)
@@ -8640,17 +8640,17 @@ CVE-2022-2127
 	RESERVED
 CVE-2022-2126 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
 	{DLA-3053-1}
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	NOTE: https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e
 	NOTE: https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8 (v8.2.5123)
 CVE-2022-2125 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	[stretch] - vim <postponed> (Minor issue)
 	NOTE: https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705
 	NOTE: https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f (v8.2.5122)
 CVE-2022-2124 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
 	{DLA-3053-1}
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	NOTE: https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42
 	NOTE: https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f (v8.2.5120)
 CVE-2021-46823 (python-ldap before 3.4.0 is vulnerable to a denial of service when lda ...)
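Review bot: of the three entries changed in this hunk, CVE-2022-2125 is the only one without {DLA-3053-1} and it still carries "[stretch] - vim <postponed> (Minor issue)". With a fixed version now recorded for unstable, check whether the postponed state is still the intended triage for this Heap-based Buffer Overflow, given that the Out-of-bounds Read and Buffer Over-read entries on either side of it were handled in the DLA.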
@@ -12337,7 +12337,7 @@ CVE-2022-30532 (In affected versions of Octopus Deploy, there is no logging of c
 CVE-2022-29890 (In affected versions of Octopus Server the help sidebar can be customi ...)
 	NOT-FOR-US: Octopus Server
 CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <no-dsa> (Minor issue)
@@ -13152,7 +13152,7 @@ CVE-2022-1969 (The Mobile browser color select plugin for WordPress is vulnerabl
 	NOT-FOR-US: Mobile browser color select plugin for WordPress
 CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
 	{DLA-3053-1}
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b
@@ -14102,7 +14102,7 @@ CVE-2022-1943 (A flaw out of bounds memory write in the Linux kernel UDF file sy
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2086412
 	NOTE: Fixed by: https://git.kernel.org/linus/c1ad35dd0548ce947d97aaf92f7f2f9a202951cf (5.18-rc7)
 CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <no-dsa> (Minor issue)
@@ -14482,13 +14482,13 @@ CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior t
 	NOTE: https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d
 CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
 	{DLA-3053-1}
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea
 	NOTE: https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a (v8.2.5024)
 CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <postponed> (Minor issue)
@@ -15010,7 +15010,7 @@ CVE-2022-1852 (A NULL pointer dereference flaw was found in the Linux kernel&#82
 	NOTE: https://git.kernel.org/linus/fee060cd52d69c114b62d1a2948ea9648b5131f9
 CVE-2022-1851 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
 	{DLA-3053-1}
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d
@@ -16559,7 +16559,7 @@ CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel’s io_ur
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/24/4
 	NOTE: https://www.openwall.com/lists/oss-security/2022/05/28/1
 CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. ...)
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <no-dsa> (Minor issue)
@@ -16930,7 +16930,7 @@ CVE-2022-1721 (Path Traversal in WellKnownServlet in GitHub repository jgraph/dr
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-1720 (Buffer Over-read in function grab_file_name in GitHub repository vim/v ...)
 	{DLA-3053-1}
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8
@@ -18535,7 +18535,7 @@ CVE-2022-1622 (LibTIFF master branch has an out-of-bounds read in LZWDecode in l
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
 CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub repository vim ...)
 	{DLA-3011-1}
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb
@@ -18554,7 +18554,7 @@ CVE-2022-1620 (NULL Pointer Dereference in function vim_regexec_string at regexp
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-1619 (Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub r ...)
 	{DLA-3011-1}
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450
@@ -18611,7 +18611,7 @@ CVE-2022-30321 (HashiCorp go-getter through 2.0.2 does not safely perform downlo
 	NOTE: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 (v1.6.0)
 CVE-2022-1616 (Use after free in append_command in GitHub repository vim/vim prior to ...)
 	{DLA-3011-1}
-	- vim <unfixed> (bug #1015984)
+	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f79bd7201e2b3d5b41e820925214c6a50c2faab4
