[Git][security-tracker-team/security-tracker][master] bullseye triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1e706af0 by Moritz Muehlenhoff at 2022-12-05T13:18:41+01:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -11308,9 +11308,10 @@ CVE-2022-43397 (A vulnerability has been identified in Parasolid V34.0 (All vers
 CVE-2022-43396
 	RESERVED
 CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789. ...)
-	- vim 2:9.0.0813-1
+	- vim 2:9.0.0813-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921
 	NOTE: https://github.com/vim/vim/commit/8f3c3c6cd044e3b5bf08dbfa3b3f04bb3f711bad (v9.0.0789)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-3590
 	RESERVED
 CVE-2022-3589 (An API Endpoint used by Miele's "AppWash" MobileApp in all versions wa ...)
@@ -12451,9 +12452,10 @@ CVE-2022-42964 (An exponential ReDoS (Regular Expression Denial of Service) can
 	NOTE: https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/
 	NOTE: Doesn't seem to be reported upstream so far
 CVE-2022-3520 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
-	- vim 2:9.0.0813-1
+	- vim 2:9.0.0813-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/c1db3b70-f4fe-481f-8a24-0b1449c94246
 	NOTE: https://github.com/vim/vim/commit/36343ae0fb7247e060abfd35fb8e4337b33abb4b (v9.0.0765)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-3519 (A vulnerability classified as problematic was found in SourceCodester  ...)
 	NOT-FOR-US: SourceCodester Sanitization Management System
 CVE-2022-3518 (A vulnerability classified as problematic has been found in SourceCode ...)
@@ -12703,9 +12705,10 @@ CVE-2022-3493 (A vulnerability, which was classified as problematic, has been fo
 CVE-2022-3492 (A vulnerability classified as critical was found in SourceCodester Hum ...)
 	NOT-FOR-US: SourceCodester Human Resource Management System
 CVE-2022-3491 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
-	- vim 2:9.0.0813-1
+	- vim 2:9.0.0813-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/6e6e05c2-2cf7-4aa5-a817-a62007bf92cb
 	NOTE: https://github.com/vim/vim/commit/3558afe9e9e904cabb8475392d859f2d2fc21041 (v9.0.0742)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-3490 (The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3489 (The WP Hide WordPress plugin through 0.0.2 does not have authorisation ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -61,7 +61,7 @@ sox
 --
 tiff
 --
-vlc
+vlc (jmm)
   Maintainer proposed update for review, to be acked for upload
 --
 xfce4-settings (corsac)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e706af008a48a951e49c5a8c4eaa2349df052a9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e706af008a48a951e49c5a8c4eaa2349df052a9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221205/7a9ca2e8/attachment.htm>