[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-0158,CVE-2022-0392,vim: Stretch is not affected

Markus Koschany (@apo) apo at debian.org
Thu Mar 10 21:57:13 GMT 2022



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb490882 by Markus Koschany at 2022-03-10T22:53:59+01:00
CVE-2022-0158,CVE-2022-0392,vim: Stretch is not affected

The vulnerable code was introduced later

- - - - -
c5a79a86 by Markus Koschany at 2022-03-10T22:56:12+01:00
Mark five vim CVE as postponed in Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4997,6 +4997,7 @@ CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
+	[stretch] - vim <postponed> (Fix introduces a test regression)
 	NOTE: https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf
 	NOTE: https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f (v8.2.4359)
 CVE-2022-0571 (Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-t ...)
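Review bot: the reason on the added [stretch] line, "Fix introduces a test regression", does not say which test fails or how the fix from 6e28703a (v8.2.4359) was applied to the stretch source. A follow-up NOTE naming the failing test would let whoever revisits this postponed entry reproduce the result instead of redoing the backport from scratch.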
@@ -7441,6 +7442,7 @@ CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
+	[stretch] - vim <postponed> (Fix introduces a test regression)
 	NOTE: https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38
 	NOTE: https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a (v8.2.4253)
 CVE-2022-0412 (The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooComm ...)
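Review bot: the added [stretch] line reuses the exact reason string given for the other four postponed vim entries in this push, although the upstream fix here is its own commit (37f47958, v8.2.4253). The entry does not show whether this fix was tested on its own or whether the regression appeared when several fixes were applied together; saying which in the reason or in a NOTE would make the postponement easier to re-evaluate per CVE.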
@@ -7724,6 +7726,7 @@ CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
+	[stretch] - vim <not-affected> (vulnerable code was introduced later)
 	NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126
 	NOTE: https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a (v8.2.4218)
 CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse modul ...)
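Review bot: the added not-affected line for stretch asserts that the vulnerable code was introduced later, but the entry records only the fixing commit (806d0376, v8.2.4218). A NOTE with the upstream commit or version that introduced the code would make the claim checkable, which matters here because buster stays marked as affected (no-dsa).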
@@ -8438,6 +8441,7 @@ CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub reposi
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
+	[stretch] - vim <postponed> (Fix introduces a test regression)
 	NOTE: https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161
 	NOTE: https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d (v8.2.4206)
 CVE-2022-0350
@@ -9103,6 +9107,7 @@ CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...)
 	- vim <unfixed> (bug #1004859)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
+	[stretch] - vim <postponed> (Fix introduces a test regression)
 	NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08
 	NOTE: https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc (v8.2.4151)
 CVE-2022-0317 (An improper input validation vulnerability in go-attestation before 0. ...)
@@ -10586,6 +10591,7 @@ CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
+	[stretch] - vim <postponed> (Fix introduces a test regression)
 	NOTE: https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82
 	NOTE: https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc (v8.2.4120)
 CVE-2022-0260 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
@@ -12251,6 +12257,7 @@ CVE-2022-0158 (vim is vulnerable to Heap-based Buffer Overflow ...)
 	- vim <unfixed>
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
+	[stretch] - vim <not-affected> (vulnerable code was introduced later)
 	NOTE: https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b/
 	NOTE: https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39 (v8.2.4049)
 CVE-2022-0157 (phoronix-test-suite is vulnerable to Improper Neutralization of Input  ...)
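Review bot: this not-affected line carries the same justification as the CVE-2022-0392 entry, and commit cb490882 covers both with a single message, yet the two fixes are separate upstream commits (5f25c385 at v8.2.4049 for this one). Suggest a NOTE confirming that the stretch source was checked against the code path touched by this CVE's fix specifically, not only the other one.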



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5953d8db8318114dd93d52fc59670b7145512e78...c5a79a86622ede55dd7f3a765878142a75d8474d
