[Git][security-tracker-team/security-tracker][master] Remove no-dsa tags for vim and triage several CVE.
Markus Koschany (@apo)
apo at debian.org
Mon May 16 18:01:28 BST 2022
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9716c4a7 by Markus Koschany at 2022-05-16T19:00:39+02:00
Remove no-dsa tags for vim and triage several CVE.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3718,6 +3718,7 @@ CVE-2022-1420 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim p
- vim 2:8.2.4793-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <not-affected> (Vulnerable code not present)
NOTE: https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326
NOTE: https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca (v8.2.4774)
CVE-2021-46784
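Review bot: the added `[stretch] - vim <not-affected> (Vulnerable code not present)` line for CVE-2022-1420 has nothing beside it that lets a reader check the claim; the two NOTE lines only point at the huntr report and the fix commit (v8.2.4774). Consider adding a NOTE that names the commit or version which introduced the vulnerable code, so the not-affected status for stretch can be re-verified later.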
@@ -4164,6 +4165,7 @@ CVE-2022-1381 (global heap buffer overflow in skip_range in GitHub repository vi
- vim 2:8.2.4793-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
+ [stretch] - vim <not-affected> (Vulnerable code not present)
NOTE: https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4/
NOTE: https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47 (v8.2.4763)
CVE-2022-29403
@@ -16561,7 +16563,6 @@ CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
- [stretch] - vim <postponed> (Fix introduces a test regression)
NOTE: https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf
NOTE: https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f (v8.2.4359)
CVE-2022-0571 (Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-t ...)
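Review bot: dropping `[stretch] - vim <postponed> (Fix introduces a test regression)` for CVE-2022-0572 also drops the only record in this entry that the fix (v8.2.4359) was found to introduce a test regression. If the stretch entry is being reopened for a fix, keep that finding as a NOTE line so whoever prepares the backport sees it.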
@@ -18715,7 +18716,6 @@ CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
- [stretch] - vim <postponed> (Minor issue)
NOTE: https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51
NOTE: https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461 (v8.2.4281)
CVE-2022-0442 (The UsersWP WordPress plugin before 1.2.3.1 is missing access controls ...)
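Review bot: the line removed here for CVE-2022-0443 carries a `<postponed>` tag, not a `<no-dsa>` tag, and the `<no-dsa>` lines for bullseye and buster stay in place, so the commit subject "Remove no-dsa tags for vim" does not match what the diff does. Suggest rewording the subject to say that the stretch `<postponed>` entries are removed.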
@@ -19255,7 +19255,6 @@ CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
- [stretch] - vim <postponed> (Fix introduces a test regression)
NOTE: https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38
NOTE: https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a (v8.2.4253)
CVE-2022-0412 (The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooComm ...)
@@ -20295,7 +20294,6 @@ CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub reposi
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
- [stretch] - vim <postponed> (Fix introduces a test regression)
NOTE: https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161
NOTE: https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d (v8.2.4206)
CVE-2022-0350 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vd ...)
@@ -22476,7 +22474,6 @@ CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
- vim 2:8.2.4659-1
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
- [stretch] - vim <postponed> (Fix introduces a test regression)
NOTE: https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82
NOTE: https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc (v8.2.4120)
CVE-2022-0260 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9716c4a799d02ec28c87650d380f26aebd268f25