[Git][security-tracker-team/security-tracker][master] Track fixed version for several CVEs for vim fixed with unstable upload
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 4 05:36:38 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
66d3f43a by Salvatore Bonaccorso at 2022-08-04T06:35:56+02:00
Track fixed version for several CVEs for vim fixed with unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -304,7 +304,7 @@ CVE-2022-2600
CVE-2022-2599
RESERVED
CVE-2022-2598 (Undefined Behavior for Input to API in GitHub repository vim/vim prior ...)
- - vim <unfixed>
+ - vim 2:9.0.0135-1
NOTE: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/
NOTE: https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d (v9.0.0101)
CVE-2022-2597
@@ -936,12 +936,12 @@ CVE-2022-37022
CVE-2022-37021
RESERVED
CVE-2022-2581 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b/
NOTE: https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88 (v9.0.0105)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2580 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
- - vim <unfixed>
+ - vim 2:9.0.0135-1
NOTE: https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249/
NOTE: https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d (v9.0.0104)
CVE-2022-2579 (A vulnerability, which was classified as problematic, was found in Sou ...)
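Review bot: CVE-2022-2580 gets the fixed version with no severity tag, while CVE-2022-2581 directly above it and the other vim heap-based buffer overflow entries in this patch (for example CVE-2022-2344 and CVE-2022-2343) are marked `(unimportant)` with a "Crash in CLI tool, no security impact" NOTE. If the difference is a deliberate triage decision, a short NOTE saying why would help; otherwise add the tag and the NOTE so the entry matches its neighbours.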
@@ -995,7 +995,7 @@ CVE-2022-37014
CVE-2022-2572
RESERVED
CVE-2022-2571 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
- - vim <unfixed>
+ - vim 2:9.0.0135-1
NOTE: https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571/
NOTE: https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614 (v9.0.0102)
CVE-2022-2570
@@ -5084,12 +5084,12 @@ CVE-2022-33939
CVE-2022-2346
RESERVED
CVE-2022-2345 (Use After Free in GitHub repository vim/vim prior to 9.0.0046. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/1eed7009-db6d-487b-bc41-8f2fd260483f
NOTE: https://github.com/vim/vim/commit/32acf1f1a72ebb9d8942b9c9d80023bf1bb668ea (v9.0.0047)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/4a095ed9-3125-464a-b656-c31b437e1996
NOTE: https://github.com/vim/vim/commit/baefde14550231f6468ac2ed2ed495bc381c0c92 (v9.0.0046)
NOTE: Crash in CLI tool, no security impact
@@ -5100,7 +5100,7 @@ CVE-2020-36555
CVE-2020-36554
RESERVED
CVE-2022-2343 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/2ecb4345-2fc7-4e7f-adb0-83a20bb458f5
NOTE: https://github.com/vim/vim/commit/caea66442d86e7bbba3bf3dc202c3c0d549b9853 (v9.0.0045)
NOTE: Crash in CLI tool, no security impact
@@ -6031,7 +6031,7 @@ CVE-2022-34911 (An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1
CVE-2022-2290 (Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/tril ...)
NOT-FOR-US: Trilium Notes
CVE-2022-2289 (Use After Free in GitHub repository vim/vim prior to 9.0. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/7447d2ea-db5b-4883-adf4-1eaf7deace64/
NOTE: https://github.com/vim/vim/commit/c5274dd12224421f2430b30c53b881b9403d649e (v9.0.0026)
NOTE: Crash in CLI tool, no security impact
@@ -6074,12 +6074,12 @@ CVE-2022-32581
CVE-2022-30531
RESERVED
CVE-2022-2287 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/654aa069-3a9d-45d3-9a52-c1cf3490c284/
NOTE: https://github.com/vim/vim/commit/5e59ea54c0c37c2f84770f068d95280069828774 (v9.0.0021)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2286 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/fe7681fb-2318-436b-8e65-daf66cd597d8/
NOTE: https://github.com/vim/vim/commit/f12129f1714f7d2301935bb21d896609bdac221c (v9.0.0020)
CVE-2022-34902 (This vulnerability allows local attackers to escalate privileges on af ...)
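Review bot: CVE-2022-2286 is marked `(unimportant)` but, unlike CVE-2022-2287 just above it, has no NOTE giving the reason. Consider adding `NOTE: Crash in CLI tool, no security impact` after the commit link so the rationale for the tag is recorded with the entry.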
@@ -6107,7 +6107,7 @@ CVE-2022-2285 (Integer Overflow or Wraparound in GitHub repository vim/vim prior
NOTE: https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736/
NOTE: https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe (v9.0.0018)
CVE-2022-2284 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/571d25ce-8d53-4fa0-b620-27f2a8a14874/
NOTE: https://github.com/vim/vim/commit/3d51ce18ab1be4f9f6061568a4e7fabf00b21794 (v9.0.0017)
NOTE: Crash in CLI tool, no security impact
@@ -6279,7 +6279,7 @@ CVE-2022-2266
CVE-2022-2265
RESERVED
CVE-2022-2264 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/2241c773-02c9-4708-b63e-54aef99afa6c/
NOTE: Fixed by: https://github.com/vim/vim/commit/d25f003342aca9889067f2e839963dfeccf1fe05 (v9.0.0011)
NOTE: Crash in CLI tool, no security impact
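Review bot: The commit NOTE for CVE-2022-2264 prefixes the upstream commit URL with `Fixed by:`, whereas the other vim entries in this patch give the bare commit URL followed by the upstream tag. Since this entry is being touched anyway, it could be aligned with one form so the upstream fix is easy to find with a single pattern across the file.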
@@ -6328,7 +6328,7 @@ CVE-2022-2259
CVE-2022-2258
RESERVED
CVE-2022-2257 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89
NOTE: https://github.com/vim/vim/commit/083692d598139228e101b8c521aaef7bcf256e9a (v9.0.0009)
NOTE: Crash in CLI tool, no security impact
@@ -6599,7 +6599,7 @@ CVE-2022-2233
CVE-2022-2232
RESERVED
CVE-2022-2231 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/8dae6ab4-7a7a-4716-a65c-9b090fa057b5
NOTE: https://github.com/vim/vim/commit/79481367a457951aabd9501b510fd7e3eb29c3d8 (v8.2.5169)
NOTE: Crash in CLI tool, no security impact
@@ -7202,14 +7202,14 @@ CVE-2022-2211 (A vulnerability was found in libguestfs. This issue occurs while
NOTE: https://github.com/libguestfs/libguestfs-common/commit/35467027f657de76aca34b48a6f23e9608b23a57
NOTE: Documentation: https://github.com/libguestfs/libguestfs/commit/99844660b48ed809e37378262c65d63df6ce4a53
CVE-2022-2210 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/020845f8-f047-4072-af0f-3726fe1aea25
NOTE: https://github.com/vim/vim/commit/c101abff4c6756db4f5e740fde289decb9452efa (v8.2.5164)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2209
REJECTED
CVE-2022-2208 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.516 ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/7bfe3d5b-568f-4c34-908f-a39909638cc1
NOTE: https://github.com/vim/vim/commit/cd38bb4d83c942c4bad596835c6766cbf32e5195 (v8.2.5163)
NOTE: Crash in CLI tool, no security impact
@@ -7226,7 +7226,7 @@ CVE-2022-34491
CVE-2022-34490
RESERVED
CVE-2022-2206 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/01d01e74-55d0-4d9e-878e-79ba599be668
NOTE: https://github.com/vim/vim/commit/e178af5a586ea023622d460779fdcabbbfac0908 (v8.2.5160)
NOTE: Crash in CLI tool, no security impact
@@ -7710,12 +7710,12 @@ CVE-2022-2185 (A critical issue has been discovered in GitLab affecting all vers
CVE-2022-2184 (The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2183 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/d74ca3f9-380d-4c0a-b61c-11113cc98975
NOTE: https://github.com/vim/vim/commit/8eba2bd291b347e3008aa9e565652d51ad638cfa (v8.2.5151)
NOTE: Crash in CLI tool, no security impact
CVE-2022-2182 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/238d8650-3beb-4831-a8f7-6f0b597a6fb8
NOTE: https://github.com/vim/vim/commit/f7c7c3fad6d2135d558f3b36d0d1a943118aeb5e (v8.2.5150)
NOTE: Crash in CLI tool, no security impact
@@ -7861,7 +7861,7 @@ CVE-2022-2177
CVE-2022-2176
RESERVED
CVE-2022-2175 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55
NOTE: https://github.com/vim/vim/commit/6046aded8da002b08d380db29de2ba0268b6616e (v8.2.5148)
NOTE: Crash in CLI tool, no security impact
@@ -11540,7 +11540,7 @@ CVE-2022-2044
CVE-2022-2043
RESERVED
CVE-2022-2042 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba
NOTE: https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835 (v8.2.5072)
NOTE: Crash in CLI tool, no security impact
@@ -14188,7 +14188,7 @@ CVE-2022-1929 (An exponential ReDoS (Regular Expression Denial of Service) can b
CVE-2022-1928 (Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gite ...)
- gitea <removed>
CVE-2022-1927 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777
NOTE: https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 (v8.2.5037)
NOTE: Crash in CLI tool, no security impact
@@ -14814,7 +14814,7 @@ CVE-2022-31619 (A vulnerability has been identified in Teamcenter V12.4 (All ver
CVE-2022-1887
RESERVED
CVE-2022-1886 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/fa0ad526-b608-45b3-9ebc-f2b607834d6a
NOTE: https://github.com/vim/vim/commit/2a585c85013be22f59f184d49612074fd9b115d7 (v8.2.5016)
NOTE: Crash in CLI tool, no security impact
@@ -16522,7 +16522,7 @@ CVE-2022-30977
CVE-2022-29496 (A stack-based buffer overflow vulnerability exists in the BlynkConsole ...)
NOT-FOR-US: BlynkConsole
CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2.4979. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/f6739b58-49f9-4056-a843-bf76bbc1253e
NOTE: https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5 (v8.2.4979)
NOTE: Crash in CLI tool, no security impact
@@ -16610,7 +16610,7 @@ CVE-2022-1773 (The WP Athletics WordPress plugin through 1.1.7 does not sanitise
CVE-2022-1772 (The Google Places Reviews WordPress plugin before 2.0.0 does not prope ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1771 (Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/faa74175-5317-4b71-a363-dfc39094ecbb
NOTE: https://github.com/vim/vim/commit/51f0bfb88a3554ca2dde777d78a59880d1ee37a8 (v8.2.4975)
NOTE: Crash in CLI tool, no security impact
@@ -16622,7 +16622,7 @@ CVE-2022-30973 (We failed to apply the fix for CVE-2022-30126 to the 1.x branch
CVE-2022-1770 (Improper Privilege Management in GitHub repository polonel/trudesk pri ...)
NOT-FOR-US: Trudesk
CVE-2022-1769 (Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c
NOTE: https://github.com/vim/vim/commit/4748c4bd64610cf943a431d215bb1aad51f8d0b4 (v8.2.4974)
NOTE: Crash in CLI tool, no security impact
@@ -16878,7 +16878,7 @@ CVE-2022-1736
NOTE: Not treated as a security issue in Debian, whether to start the daemon or not is ultimately
NOTE: up to the local admin
CVE-2022-1735 (Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969 ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9
NOTE: https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97 (v8.2.4969)
NOTE: Crash in CLI tool, no security impact
@@ -16889,7 +16889,7 @@ CVE-2022-1734 (A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in d
NOTE: https://git.kernel.org/linus/d270453a0d9ec10bb8a802a142fb1b3601a83098 (5.18-rc6)
NOTE: Support for Marvell NFC devices (CONFIG_NFC_MRVL) not enabled
CVE-2022-1733 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4 ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a
NOTE: https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813 (v8.2.4968)
NOTE: Crash in CLI tool, no security impact
@@ -16916,7 +16916,7 @@ CVE-2022-1726 (Bootstrap Tables XSS vulnerability with Table Export plug-in when
NOTE: https://github.com/wenzhixin/bootstrap-table/commit/66ef886d5d325777c8727274c9e018f9c17bc0b9 (1.20.2)
NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2022-1725 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.495 ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c
NOTE: https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c (v8.2.4959)
NOTE: Negligible security impact; crash in CLI tool
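Review bot: The context line for CVE-2022-1726 at the top of this hunk reads `NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security`, with the NOTE prefix doubled. It is not changed by this patch, but a follow-up could drop the duplicate prefix.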
@@ -17925,7 +17925,7 @@ CVE-2022-1676
CVE-2022-1675
RESERVED
CVE-2022-1674 (NULL Pointer Dereference in function vim_regexec_string at regexp.c:27 ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385
NOTE: https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 (v8.2.4938)
NOTE: Negligible security impact; crash in CLI tool
@@ -18137,7 +18137,7 @@ CVE-2022-1631 (Users Account Pre-Takeover or Users Account Takeover. in GitHub r
CVE-2022-1630 (The WP-EMail WordPress plugin before 2.69.0 does not protect its log d ...)
NOT-FOR-US: WordPress plugin
CVE-2022-1629 (Buffer Over-read in function find_next_quote in GitHub repository vim/ ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee
NOTE: https://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd (v8.2.4925)
NOTE: Crash in CLI tool, no security impact
@@ -18548,7 +18548,7 @@ CVE-2018-25033 (ADMesh through 0.98.4 has a heap-based buffer over-read in stl_u
NOTE: https://github.com/admesh/admesh/issues/28
NOTE: https://github.com/admesh/admesh/commit/e84d8353f1347e1f26f0a95770d92ba14e6ede38
CVE-2022-1620 (NULL Pointer Dereference in function vim_regexec_string at regexp.c:27 ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.0135-1 (unimportant)
NOTE: https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51
NOTE: https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f (v8.2.4901)
NOTE: Crash in CLI tool, no security impact
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/66d3f43af7c3db137c6291ed78eb871818a6af52