[Git][security-tracker-team/security-tracker][master] new vim issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue May 10 12:50:05 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
996a707b by Moritz Muehlenhoff at 2022-05-10T13:49:23+02:00
new vim issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2022-1644
 CVE-2022-1643
 	RESERVED
 CVE-2022-30524 (There is an invalid memory access in the TextLine class in TextOutputD ...)
-	TODO: check
+	- xpdf <not-affected> (Debian uses poppler, which is not affected)
 CVE-2022-30523
 	RESERVED
 CVE-2022-30522
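Review bot: The xpdf <not-affected> line in this hunk gives a reason (Debian's xpdf uses poppler) but no reference for the claim that poppler's code is unaffected, whereas other entries in this file back their triage with NOTE: lines (see CVE-2022-1621 and CVE-2022-29973 below). Adding a NOTE: pointing at the upstream report or the poppler comparison would let the next person re-verify the decision without repeating the analysis.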
@@ -40,7 +40,7 @@ CVE-2022-1632
 	RESERVED
 	NOT-FOR-US: OpenShift
 CVE-2022-1631 (Users Account Pre-Takeover or Users Account Takeover. in GitHub reposi ...)
-	TODO: check
+	NOT-FOR-US: microweber
 CVE-2022-1630
 	RESERVED
 CVE-2022-1629
@@ -422,7 +422,7 @@ CVE-2022-30340
 CVE-2022-30336
 	RESERVED
 CVE-2022-30335 (Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via  ...)
-	TODO: check
+	NOT-FOR-US: Bonanza Wealth Management System
 CVE-2022-26041
 	RESERVED
 CVE-2022-1623
@@ -430,7 +430,11 @@ CVE-2022-1623
 CVE-2022-1622
 	RESERVED
 CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub repository vim ...)
-	TODO: check
+	- vim <unfixed>
+	[bullseye] - vim <no-dsa> (Minor issue)
+	[buster] - vim <no-dsa> (Minor issue)
+	NOTE: https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb
+	NOTE: https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b
 CVE-2018-25033 (ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_ ...)
 	- admesh <unfixed> (bug #1010770)
 	[bullseye] - admesh <no-dsa> (Minor issue; can be fixed via point release)
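Review bot: The new `- vim <unfixed>` line records no Debian bug, while the neighbouring admesh entry carries `(bug #1010770)` for its unfixed state; if none has been filed yet, one would give the maintainer a handle for the upstream commit already linked in the NOTE: line. The two `<no-dsa> (Minor issue)` lines also assert that bullseye and buster are affected without saying why; a short remark on whether the find_word code path from the description is present in those versions would make the rating checkable.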
@@ -453,7 +457,7 @@ CVE-2022-1618
 CVE-2022-1617
 	RESERVED
 CVE-2022-30334 (Brave before 1.34, when a Private Window with Tor Connectivity is used ...)
-	TODO: check
+	- brave-browser <itp> (bug #864795)
 CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal  ...)
 	- unrar-nonfree <unfixed>
 	[bullseye] - unrar-nonfree <no-dsa> (Non-free not supported)
@@ -725,11 +729,11 @@ CVE-2022-30243
 CVE-2022-30242
 	RESERVED
 CVE-2022-30241 (The jquery.json-viewer library through 1.4.0 for Node.js does not prop ...)
-	TODO: check
+	NOT-FOR-US: Node jquery.json-viewer
 CVE-2022-30240 (An argument injection vulnerability in the browser-based authenticatio ...)
-	TODO: check
+	NOT-FOR-US: Magnitude Simba Amazon Redshift JDBC Driver
 CVE-2022-30239 (An argument injection vulnerability in the browser-based authenticatio ...)
-	TODO: check
+	NOT-FOR-US: Magnitude Simba Amazon Athena JDBC Driver
 CVE-2022-30238
 	RESERVED
 CVE-2022-30237
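Review bot: CVE-2022-30240 and CVE-2022-30239 have identical truncated descriptions but are attributed to two different products (Redshift JDBC Driver and Athena JDBC Driver) in the new NOT-FOR-US lines; nothing in the visible text distinguishes them, so the attribution should be confirmed against the full advisory text, and a NOTE: line with the advisory URL would make the distinction reviewable later.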
@@ -1386,7 +1390,7 @@ CVE-2022-29973 (relan exFAT 1.3.0 allows local users to obtain sensitive informa
 	[buster] - fuse-exfat <no-dsa> (Minor issue)
 	NOTE: https://github.com/relan/exfat/issues/185
 CVE-2022-29972 (An argument injection vulnerability in the browser-based authenticatio ...)
-	TODO: check
+	NOT-FOR-US: Magnitude Simba Amazon Redshift ODBC Driver
 CVE-2022-29971 (An argument injection vulnerability in the browser-based authenticatio ...)
 	TODO: check
 CVE-2022-29970 (Sinatra before 2.2.0 does not validate that the expanded path matches  ...)
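Review bot: CVE-2022-29971 keeps its `TODO: check` although it carries the same truncated description as CVE-2022-29972, which this hunk resolves as NOT-FOR-US: Magnitude Simba Amazon Redshift ODBC Driver (and as CVE-2022-30240 and CVE-2022-30239 above). Resolving it in the same pass, or leaving a note on why it needs separate treatment, would keep the four related entries consistent.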
@@ -1480,7 +1484,7 @@ CVE-2022-29935 (USU Oracle Optimization before 5.17.5 allows attackers to discov
 CVE-2022-29934 (USU Oracle Optimization before 5.17.5 lacks Polkit authentication, whi ...)
 	NOT-FOR-US: USU Oracle Optimization
 CVE-2022-29933 (Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS
 CVE-2022-29932
 	RESERVED
 CVE-2022-29931
@@ -1737,7 +1741,7 @@ CVE-2022-1510
 CVE-2022-1509 (Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp pri ...)
 	NOT-FOR-US: Hestia Control Panel
 CVE-2022-29868 (1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a  ...)
-	TODO: check
+	NOT-FOR-US: 1Password
 CVE-2022-29867
 	RESERVED
 CVE-2022-29866



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/996a707b6ecfafc74438edeb0ff6fd54d540c3f6


