[Git][security-tracker-team/security-tracker][master] Remove vim no-dsa tags and triage CVE for stretch

Markus Koschany (@apo) apo at debian.org
Mon Jun 20 10:06:03 BST 2022



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1fa7e6b9 by Markus Koschany at 2022-06-20T11:05:51+02:00
Remove vim no-dsa tags and triage CVE for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -379,6 +379,7 @@ CVE-2022-33980
 	RESERVED
 CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
 	- vim <unfixed>
+	[stretch] - vim <postponed> (Minor issue)
 	NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352
 	NOTE: https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d (v8.2.5126)
 CVE-2022-2128
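Review bot: The `(Minor issue)` reason on the added `[stretch] - vim <postponed>` line for CVE-2022-2129 gives no rationale for deferring an out-of-bounds write. A short qualifier inside the parentheses, in the style of the `(Minor issue, OOB read)` text that the CVE-2022-1851 entry carried, would let a later triager see why this was judged minor. The same applies to the identical line added for CVE-2022-2125.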
@@ -391,6 +392,7 @@ CVE-2022-2126 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...
 	NOTE: https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8 (v8.2.5123)
 CVE-2022-2125 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
 	- vim <unfixed>
+	[stretch] - vim <postponed> (Minor issue)
 	NOTE: https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705
 	NOTE: https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f (v8.2.5122)
 CVE-2022-2124 (Buffer Over-read in GitHub repository vim/vim prior to 8.2. ...)
@@ -3940,6 +3942,7 @@ CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ..
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
+	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0
 	NOTE: https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5 (v8.2.5063)
 CVE-2022-1999
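Review bot: The added `[stretch] - vim <no-dsa> (Minor issue)` line for CVE-2022-2000 runs against the rest of this commit, whose subject is "Remove vim no-dsa tags" and whose other new stretch entries (CVE-2022-2129, CVE-2022-2125) use `<postponed>`. Either switch this line to `<postponed>` for consistency, or say in the commit message why this one CVE keeps a `no-dsa` state for stretch while the others lose it.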
@@ -4682,7 +4685,6 @@ CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
-	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b
 	NOTE: https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895 (v8.2.5050)
 CVE-2022-1967
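Review bot: Dropping the `[stretch]` line from CVE-2022-1968 leaves the entry with only `- vim <unfixed>` plus the bullseye and buster tags, so stretch has no suite-specific status and the issue reads as open there again. If that is deliberate because a stretch upload is planned, state it in the commit message; the subject alone does not explain why these CVEs are being un-triaged.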
@@ -5946,7 +5948,6 @@ CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
-	[stretch] - vim <postponed> (Minor issue)
 	NOTE: https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea
 	NOTE: https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a (v8.2.5024)
 CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
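Review bot: The line removed from CVE-2022-1898 is a `<postponed>` tag, not a `no-dsa` tag, so the commit subject understates the change. The same applies to the removals under CVE-2022-1851 and CVE-2022-0943. Wording such as "Remove vim no-dsa and postponed tags for stretch" would make the commit findable when someone later searches the history for why a postponed entry disappeared.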
@@ -6488,7 +6489,6 @@ CVE-2022-1851 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
-	[stretch] - vim <postponed> (Minor issue, OOB read)
 	NOTE: https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d
 	NOTE: https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad (v8.2.5013)
 CVE-2022-1850 (Path Traversal in GitHub repository filegator/filegator prior to 7.8.0 ...)
@@ -8316,7 +8316,6 @@ CVE-2022-1720 (Buffer Over-read in function grab_file_name in GitHub repository
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
-	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8
 	NOTE: https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c (v8.2.4956)
 CVE-2022-1719 (Reflected XSS on ticket filter function in GitHub repository polonel/t ...)
@@ -19744,7 +19743,6 @@ CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim in GitHub repository vim
 	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
-	[stretch] - vim <postponed> (Minor issue)
 	NOTE: https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1
 	NOTE: https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3 (v8.2.4563)
 CVE-2022-26981 (Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in  ...)
@@ -28055,7 +28053,6 @@ CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2
 	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
-	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a/
 	NOTE: https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a (v8.2.4245)
 CVE-2022-0416
@@ -47218,7 +47215,6 @@ CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
 	- vim 2:8.2.3565-1
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
-	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8
 	NOTE: https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
 	NOTE: PoC crashes starting with https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 (v8.2.0149)
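Review bot: The context line under CVE-2021-3903 notes that the PoC crashes starting with commit 8a7d6542b33e (v8.2.0149), yet the stretch `<no-dsa>` tag is simply removed, which leaves stretch showing as open. Before re-opening it, check whether the vim version in stretch predates that commit. If it does, a `[stretch] - vim <not-affected>` line with the reason would record the result instead of leaving the suite untriaged.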



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fa7e6b9d34bbea6edfd67ada267ec082acd9e5a
