[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2022-0393, CVE-2022-0407,vim: Stretch is not affected
Markus Koschany (@apo)
apo at debian.org
Fri Mar 11 18:51:01 GMT 2022
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
840db55a by Markus Koschany at 2022-03-11T19:44:37+01:00
CVE-2022-0393, CVE-2022-0407,vim: Stretch is not affected
Tests succeed / vulnerable code is not present
- - - - -
a96656c0 by Markus Koschany at 2022-03-11T19:47:47+01:00
Mark six vim CVE in Stretch as no-dsa or postponed
- - - - -
4651d02c by Markus Koschany at 2022-03-11T19:50:25+01:00
Remove vim no-dsa tags for upcoming security update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3789,6 +3789,7 @@ CVE-2022-0696 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f/
NOTE: https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1 (v8.2.4428)
CVE-2022-0695 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...)
@@ -4279,6 +4280,7 @@ CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <postponed> (Minor issue)
NOTE: https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877/
NOTE: https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc (v8.2.4397)
CVE-2022-0628
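Review bot: The added `[stretch] - vim <postponed> (Minor issue)` line carries the same reason string as the `<no-dsa>` lines for bullseye and buster directly above it, so the entry does not record why stretch is triaged differently for this stack-based buffer overflow. Suggest a reason that says what is being deferred, for example wording along the lines of `(Minor issue, fix along with the next vim update)`, so the difference from `<no-dsa>` is readable from the list itself.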
@@ -7020,6 +7022,7 @@ CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <postponed> (Minor issue)
NOTE: https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51
NOTE: https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461 (v8.2.4281)
CVE-2022-0442 (The UsersWP WordPress plugin before 1.2.3.1 is missing access controls ...)
@@ -7463,6 +7466,7 @@ CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a/
NOTE: https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a (v8.2.4245)
CVE-2022-0416
@@ -7566,6 +7570,7 @@ CVE-2022-0407 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <not-affected> (vulnerable code is not present)
NOTE: https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c
NOTE: https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e (v8.2.4219)
CVE-2022-24112 (An attacker can abuse the batch-requests plugin to send requests to by ...)
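Review bot: The `<not-affected> (vulnerable code is not present)` line added for stretch does not say which upstream change introduced the affected code, so the claim cannot be re-checked from this entry; the only commit referenced is the fix (v8.2.4219). Suggest adding a NOTE naming the commit or patch level that introduced the code, or the function that is absent from the stretch source.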
@@ -7715,6 +7720,7 @@ CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ...
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <not-affected> (vulnerable code is not present)
NOTE: https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba
NOTE: https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 (v8.2.4233)
CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
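Review bot: The commit message gives two grounds for this out-of-bounds read ("Tests succeed / vulnerable code is not present"), but the added stretch line records only the second. A passing test on its own would not establish not-affected status, so a NOTE stating which of the two was verified against the stretch source, and how, would make the entry self-contained.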
@@ -12399,6 +12405,7 @@ CVE-2022-0156 (vim is vulnerable to Use After Free ...)
- vim <unfixed>
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36
NOTE: https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f (v8.2.4040)
CVE-2022-22827 (storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an in ...)
@@ -15969,6 +15976,7 @@ CVE-2021-4166 (vim is vulnerable to Out-of-bounds Read ...)
- vim 2:8.2.3995-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035
NOTE: https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682 (v8.2.3884)
CVE-2021-4165
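Review bot: The added `[stretch] - vim <no-dsa> (Minor issue)` for CVE-2021-4166 lands in the same push that removes the stretch `<no-dsa>` tags from five older vim CVEs "for upcoming security update". If a stretch vim update is being prepared anyway, `<postponed>` (as used for CVE-2022-0629 and CVE-2022-0443) or inclusion in that update looks more consistent than a fresh `<no-dsa>`; otherwise a short reason for leaving this one out would help.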
@@ -21411,14 +21419,12 @@ CVE-2021-3974 (vim is vulnerable to Use After Free ...)
- vim 2:8.2.3995-1 (bug #1001897)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
- [stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4
NOTE: https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6 (v8.2.3612)
CVE-2021-3973 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim 2:8.2.3995-1 (bug #1001899)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
- [stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e
NOTE: https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847 (v8.2.3611)
CVE-2021-3972
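Review bot: Removing the two `[stretch] - vim <no-dsa>` lines leaves CVE-2021-3974 and CVE-2021-3973 with no stretch triage state, and this push touches only `data/CVE/list`, so nothing in it shows who is preparing the update. Please make sure vim is claimed in `data/dla-needed.txt`, if it is not already, so these entries do not sit open and untriaged if the update slips.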
@@ -24200,14 +24206,12 @@ CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable ...)
- vim 2:8.2.3995-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
- [stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
NOTE: Fixed by: https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 (v8.2.3582)
CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim 2:8.2.3995-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
- [stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0
NOTE: Fixed by: https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e (v8.2.3581)
CVE-2021-43357
@@ -29433,7 +29437,6 @@ CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow ...)
- vim 2:8.2.3565-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
- [stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8
NOTE: https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b
CVE-2021-3871
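Review bot: CVE-2021-3872 is being un-tagged for a backport, but the fix commit NOTE in this entry has no patch-level annotation, unlike the other vim entries in this diff, which carry one in parentheses (for example `(v8.2.3582)`). Adding it while the entry is being touched would make it easier to map the fix onto the stretch version.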
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2e13ea762fad6ddbfbb5d783dd7fb9b392e51454...4651d02c2be1af982f7b16b3a29df7b5776026e1