[Git][security-tracker-team/security-tracker][master] Process two new vim CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 17 22:13:32 BST 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8c1147a5 by Salvatore Bonaccorso at 2022-08-17T23:13:04+02:00
Process two new vim CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -126,7 +126,9 @@ CVE-2022-2850 [SIGSEGV in sync_repl]
 	NOTE: https://github.com/389ds/389-ds-base/issues/5418
 	NOTE: Results from an incomplete fix for CVE-2021-3514
 CVE-2022-2849 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
-	TODO: check
+	- vim <unfixed>
+	NOTE: https://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e
+	NOTE: https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2 (v9.0.0220)
 CVE-2022-2848
 	RESERVED
 CVE-2022-2847 (A vulnerability, which was classified as critical, has been found in S ...)
@@ -134,7 +136,9 @@ CVE-2022-2847 (A vulnerability, which was classified as critical, has been found
 CVE-2022-2846 (A vulnerability classified as problematic was found in Calendar Event  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2845 (Buffer Over-read in GitHub repository vim/vim prior to 9.0.0217. ...)
-	TODO: check
+	- vim <unfixed>
+	NOTE: https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445
+	NOTE: https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c (v9.0.0218)
 CVE-2022-2844 (A vulnerability classified as problematic has been found in MotoPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2843 (A vulnerability was found in MotoPress Timetable and Event Schedule. I ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c1147a5366ecfb1636cbf2c26772d3ba04aca93

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8c1147a5366ecfb1636cbf2c26772d3ba04aca93
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220817/51ce5b12/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list