[Git][security-tracker-team/security-tracker][master] 2 commits: Add reference to upstream commit

Fri Jul 1 09:20:08 BST 2022


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1eb020c8 by Salvatore Bonaccorso at 2022-07-01T10:15:28+02:00
Add reference to upstream commit

- - - - -
f75346c4 by Salvatore Bonaccorso at 2022-07-01T10:19:41+02:00
Add CVE-2022-2257/vim

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38,6 +38,7 @@ CVE-2022-XXXX [vulnerable to status injection]
 	- gnupg2 2.2.35-3 (bug #1014157)
 	NOTE: https://dev.gnupg.org/T6027
 	NOTE: https://www.openwall.com/lists/oss-security/2022/06/30/1
+	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=34c649b3601383cd11dbc76221747ec16fd68e1b
 CVE-2022-34875
 	RESERVED
 CVE-2022-34874
@@ -187,7 +188,10 @@ CVE-2022-2259
 CVE-2022-2258
 	RESERVED
 CVE-2022-2257 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. ...)
-	TODO: check
+	- vim <unfixed> (unimportant)
+	NOTE: https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89
+	NOTE: https://github.com/vim/vim/commit/083692d598139228e101b8c521aaef7bcf256e9a (v9.0.0009)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2256
 	RESERVED
 CVE-2022-2255



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/83d83cd49bd08d7653aea80fc85302912e86fb7b...f75346c433fd68fbc0bd2c361d2b0bd14f95b75d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/83d83cd49bd08d7653aea80fc85302912e86fb7b...f75346c433fd68fbc0bd2c361d2b0bd14f95b75d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220701/9422ffe0/attachment.htm>
