[Git][security-tracker-team/security-tracker][master] Add three new vim issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 28 10:55:05 BST 2022



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5186dd3 by Salvatore Bonaccorso at 2022-06-28T11:54:38+02:00
Add three new vim issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -586,13 +586,20 @@ CVE-2022-2211 [Buffer overflow in get_keys leads to Dos]
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100862
 	TODO: check, upstream references, mentioned code is actually in src:guestfs-tools
 CVE-2022-2210 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
-	TODO: check
+	- vim <unfixed>
+	NOTE: https://huntr.dev/bounties/020845f8-f047-4072-af0f-3726fe1aea25
+	NOTE: https://github.com/vim/vim/commit/c101abff4c6756db4f5e740fde289decb9452efa (v8.2.5164)
 CVE-2022-2209
 	RESERVED
 CVE-2022-2208 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. ...)
-	TODO: check
+	- vim <unfixed> (unimportant)
+	NOTE: https://huntr.dev/bounties/7bfe3d5b-568f-4c34-908f-a39909638cc1
+	NOTE: https://github.com/vim/vim/commit/cd38bb4d83c942c4bad596835c6766cbf32e5195 (v8.2.5163)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2207 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
-	TODO: check
+	- vim <unfixed>
+	NOTE: https://huntr.dev/bounties/05bc6051-4dc3-483b-ae56-cf23346b97b9
+	NOTE: https://github.com/vim/vim/commit/0971c7a4e537ea120a6bb2195960be8d0815e97b (v8.2.5162)
 CVE-2022-34493
 	RESERVED
 CVE-2022-34492
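Review bot: In the CVE-2022-2208 entry, the (unimportant) tag rests only on the NOTE "Crash in CLI tool, no security impact", which does not name the NULL pointer dereference as the reason; wording the NOTE so the rationale stands on its own would help later triage. The CVE-2022-2210 and CVE-2022-2207 entries (out-of-bounds write and heap-based buffer overflow) become plain "- vim <unfixed>" with no bug reference or per-suite status, and the removed "TODO: check" lines were the only marker of pending work, so a follow-up marker would be useful until the affected versions are checked against the upstream patches v8.2.5164 and v8.2.5162.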



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5186dd327468fad357c949db23f7d552adda303
