[Git][security-tracker-team/security-tracker][master] buster/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon May 9 15:15:00 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4a64b16 by Moritz Muehlenhoff at 2022-05-09T16:13:48+02:00
buster/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -379,9 +379,10 @@ CVE-2018-25033 (ADMesh through 0.98.4 has a heap-based buffer over-read in stl_u
 	NOTE: https://github.com/admesh/admesh/issues/28
 	NOTE: https://github.com/admesh/admesh/commit/e84d8353f1347e1f26f0a95770d92ba14e6ede38
 CVE-2022-1620 (NULL Pointer Dereference in function vim_regexec_string at regexp.c:27 ...)
-	- vim <unfixed>
+	- vim <unfixed> (unimportant)
 	NOTE: https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51
 	NOTE: https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f (v8.2.4901)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-1619 (Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub r ...)
 	- vim <unfixed>
 	NOTE: https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450
@@ -5525,6 +5526,8 @@ CVE-2022-28464 (Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS)
 	NOT-FOR-US: Apifox
 CVE-2022-28463 (ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. ...)
 	- imagemagick <unfixed>
+	[bullseye] - imagemagick <no-dsa> (Minor issue)
+	[buster] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/4988
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6ea5876e0228165ee3abc6e959aa174cee06680



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4a64b1602558566682c1a6d9255a26088d5d924

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4a64b1602558566682c1a6d9255a26088d5d924
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220509/c24d5211/attachment.htm>

More information about the debian-security-tracker-commits mailing list