[Git][security-tracker-team/security-tracker][master] vim fixed in sid

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Dec 28 17:47:21 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cfbae1f7 by Moritz Mühlenhoff at 2022-12-28T18:46:13+01:00
vim fixed in sid
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6003,7 +6003,7 @@ CVE-2022-4293 (Floating Point Comparison with Incorrect Operator in GitHub repos
 	NOTE: https://github.com/vim/vim/commit/cdef1cefa2a440911c727558562f83ed9b00e16b (v9.0.0804)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-4292 (Use After Free in GitHub repository vim/vim prior to 9.0.0882. ...)
-	- vim <unfixed> (unimportant)
+	- vim 2:9.0.1000-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b
 	NOTE: https://github.com/vim/vim/commit/c3d27ada14acd02db357f2d16347acc22cb17e93 (v9.0.0882)
 	NOTE: Crash in CLI tool, no security impact
@@ -7705,7 +7705,7 @@ CVE-2022-4143
 CVE-2022-4142
 	RESERVED
 CVE-2022-4141 (Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing a ...)
-	- vim <unfixed> (bug #1027146)
+	- vim 2:9.0.1000-1 (bug #1027146)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <postponed> (Minor issue)
 	NOTE: https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f
@@ -78447,7 +78447,7 @@ CVE-2021-46090
 CVE-2021-46089 (In JeecgBoot 3.0, there is a SQL injection vulnerability that can oper ...)
 	NOT-FOR-US: JeecgBoot
 CVE-2021-46088 (Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Exe ...)
-	- zabbix <undetermined>
+	NOTE: Zabbix security feature, not a vulnerability per se
 	NOTE: closed upstream as a "feature", then changed in 5.4 to make the attack less likely
 	NOTE: https://github.com/paalbra/zabbix-zbxsec-7
 	NOTE: https://www.zabbix.com/documentation/3.0/en/manual/config/notifications/action/operation/remote_command
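Review bot: Dropping `- zabbix <undetermined>` from the CVE-2021-46088 entry leaves it, as far as the visible context shows, with NOTE lines only and no package line, so the entry no longer ties the CVE to the zabbix source package. If the conclusion is that this is a feature rather than a vulnerability, consider keeping a package line that records that status, with the reason in parentheses, instead of replacing it with a NOTE. The added NOTE also overlaps with the existing `closed upstream as a "feature"` NOTE directly below it. The commit message mentions only vim and bug numbers, so this triage change deserves a line there as well.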
@@ -239533,7 +239533,7 @@ CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x t
 	- python2.7 2.7.17~rc1-1
 	[buster] - python2.7 2.7.16-2+deb10u1
 	[jessie] - python2.7 <ignored> (Minor Issue, XSS in an unlikely use-case)
-	- jython <unfixed>
+	- jython <unfixed> (bug #1027149)
 	[bullseye] - jython <ignored> (Minor Issue)
 	[buster] - jython <ignored> (Minor Issue)
 	[stretch] - jython <ignored> (Minor Issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfbae1f76e4271509ca9b6b332f12d75e73eb5d9
