[Git][security-tracker-team/security-tracker][master] Track several fixed CVEs for vim via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 4 05:28:58 GMT 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
28510af7 by Salvatore Bonaccorso at 2022-01-04T06:28:12+01:00
Track several fixed CVEs for vim via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -572,13 +572,13 @@ CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege escalation
 CVE-2021-4194
 	RESERVED
 CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read ...)
-	- vim <unfixed>
+	- vim 2:8.2.3995-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0
 	NOTE: Fixed by: https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b (v8.2.3950)
 CVE-2021-4192 (vim is vulnerable to Use After Free ...)
-	- vim <unfixed>
+	- vim 2:8.2.3995-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22
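Review bot: For CVE-2021-4192 the context shown ends at the huntr NOTE, with no upstream commit or patch level visible, so the move to 2:8.2.3995-1 cannot be checked from this hunk the way CVE-2021-4193 can (its NOTE gives v8.2.3950, which is below 8.2.3995). If the entry has no such line further down, add a "NOTE: Fixed by: <commit> (v8.2.NNNN)" so the fixed version is auditable.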
@@ -808,7 +808,7 @@ CVE-2021-44775
 CVE-2021-44465
 	RESERVED
 CVE-2021-4187 (vim is vulnerable to Use After Free ...)
-	- vim <unfixed>
+	- vim 2:8.2.3995-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <not-affected> (Vulnerable code introduced later)
 	[stretch] - vim <not-affected> (Vulnerable code introduced later)
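Review bot: On CVE-2021-4187, the [buster] and [stretch] lines say the vulnerable code was introduced later, but no NOTE in the visible context names the introducing or fixing commit. Recording both, if they are not already below this context, would let a reader confirm the not-affected tags and the new 2:8.2.3995-1 version.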
@@ -1372,7 +1372,7 @@ CVE-2018-25023 (An issue was discovered in the smallvec crate before 0.6.13 for
 CVE-2021-4174
 	RESERVED
 CVE-2021-4173 (vim is vulnerable to Use After Free ...)
-	- vim <unfixed>
+	- vim 2:8.2.3995-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <not-affected> (Vulnerable code introduced later)
 	[stretch] - vim <not-affected> (Vulnerable code introduced later)
@@ -1813,7 +1813,7 @@ CVE-2021-45476
 CVE-2021-45475
 	RESERVED
 CVE-2021-4166 (vim is vulnerable to Out-of-bounds Read ...)
-	- vim <unfixed>
+	- vim 2:8.2.3995-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035
@@ -3317,7 +3317,7 @@ CVE-2021-44462
 CVE-2021-4137
 	RESERVED
 CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow ...)
-	- vim <unfixed> (bug #1002534)
+	- vim 2:8.2.3995-1 (bug #1002534)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <not-affected> (Vulnerable code introduced later)
 	[stretch] - vim <not-affected> (Vulnerable code introduced later)
@@ -5152,7 +5152,7 @@ CVE-2021-4070
 CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on top of  ...)
 	NOT-FOR-US: Apache Sling
 CVE-2021-4069 (vim is vulnerable to Use After Free ...)
-	- vim <unfixed>
+	- vim 2:8.2.3995-1
 	NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/
 	NOTE: https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 (v8.2.3741)
 CVE-2021-44548 (An Improper Input Validation vulnerability in DataImportHandler of Apa ...)
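Review bot: CVE-2021-4069 has no [bullseye], [buster] or [stretch] line under the package entry, unlike most other vim entries in this commit. With unstable now marked fixed in 2:8.2.3995-1, the older suites are left without a triage decision; add the appropriate <no-dsa> or <not-affected> tag per suite after checking whether the code fixed in v8.2.3741 is present there.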
@@ -6172,7 +6172,7 @@ CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input D
 	NOTE: https://github.com/meetecho/janus-gateway/commit/ba166e9adebfe5343f826c6a9e02299d35414ffd
 	NOTE: Issues only in janus-demos built from src:janus
 CVE-2021-4019 (vim is vulnerable to Heap-based Buffer Overflow ...)
-	- vim <unfixed>
+	- vim 2:8.2.3995-1
 	NOTE: https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92
 	NOTE: https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142 (v8.2.3669)
 CVE-2021-44220
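Review bot: The commit NOTE under CVE-2021-4019 is a bare URL with "(v8.2.3669)", while other entries touched here write "NOTE: Fixed by: ..." (CVE-2021-4193, CVE-2021-3928). Since the line is being relied on to justify 2:8.2.3995-1, use the "Fixed by:" prefix for consistency. The entry also carries no per-suite lines.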
@@ -6644,7 +6644,7 @@ CVE-2021-44041 (UiPath Assistant 21.4.4 will load and execute attacker controlle
 CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...)
 	NOT-FOR-US: kimai2
 CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow ...)
-	- vim <unfixed> (bug #1001896)
+	- vim 2:8.2.3995-1 (bug #1001896)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a
@@ -6863,14 +6863,14 @@ CVE-2021-43961
 CVE-2021-43960
 	RESERVED
 CVE-2021-3974 (vim is vulnerable to Use After Free ...)
-	- vim <unfixed> (bug #1001897)
+	- vim 2:8.2.3995-1 (bug #1001897)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4
 	NOTE: https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6 (v8.2.3612)
 CVE-2021-3973 (vim is vulnerable to Heap-based Buffer Overflow ...)
-	- vim <unfixed> (bug #1001899)
+	- vim 2:8.2.3995-1 (bug #1001899)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <no-dsa> (Minor issue)
@@ -6885,7 +6885,7 @@ CVE-2021-3970
 CVE-2021-3969
 	RESERVED
 CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...)
-	- vim <unfixed> (bug #1001900)
+	- vim 2:8.2.3995-1 (bug #1001900)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <not-affected> (Vulnerable code not present)
@@ -9447,12 +9447,12 @@ CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allow
 CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in URLs, w ...)
 	NOT-FOR-US: Sunnet eHRD
 CVE-2021-3928 (vim is vulnerable to Stack-based Buffer Overflow ...)
-	- vim <unfixed>
+	- vim 2:8.2.3995-1
 	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
 	NOTE: Fixed by: https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 (v8.2.3582)
 CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...)
-	- vim <unfixed>
+	- vim 2:8.2.3995-1
 	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0
 	NOTE: Fixed by: https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e (v8.2.3581)
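Review bot: CVE-2021-3928 and CVE-2021-3927 each carry only a [stretch] <no-dsa> line; [bullseye] and [buster] are not annotated. The fix levels in the NOTEs (v8.2.3582, v8.2.3581) support 2:8.2.3995-1 for unstable, but the two newer suites should get an explicit tag as well, matching the treatment of the other vim entries.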



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/28510af7315388e89006710f744326d54712d0da
