[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Nov 9 10:54:40 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1e1b50cb by Moritz Muehlenhoff at 2022-11-09T11:54:20+01:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2177,6 +2177,7 @@ CVE-2022-3822
RESERVED
CVE-2022-3821 (An off-by-one Error issue was discovered in Systemd in format_timespan ...)
- systemd 251.3-1
+ [bullseye] - systemd <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2139327
NOTE: https://github.com/systemd/systemd/issues/23928
NOTE: https://github.com/systemd/systemd/pull/23933
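Review bot: the `[bullseye] - systemd <no-dsa> (Minor issue)` line added under CVE-2022-3821 gives no reason why the off-by-one in format_timespan counts as minor. A short NOTE next to the existing bugzilla and GitHub references, saying what limits the impact, would let a later reader re-check the no-dsa decision without re-reading the upstream issue.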
@@ -19868,9 +19869,10 @@ CVE-2022-2891 (The WP 2FA WordPress plugin before 2.3.0 uses comparison operator
CVE-2022-2890 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
NOT-FOR-US: yetiforcecrm
CVE-2022-2889 (Use After Free in GitHub repository vim/vim prior to 9.0.0225. ...)
- - vim 2:9.0.0229-1
+ - vim 2:9.0.0229-1 (unimportant)
NOTE: https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa
NOTE: https://github.com/vim/vim/commit/91c7cbfe31bbef57d5fcf7d76989fc159f73ef15 (v9.0.0225)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2888 (If an attacker comes into the possession of a victim's OctoPrint sessi ...)
- octoprint <itp> (bug #718591)
CVE-2022-2887 (The WP Server Health Stats WordPress plugin before 1.7.0 does not esca ...)
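Review bot: the added `NOTE: Crash in CLI tool, no security impact` under CVE-2022-2889 is the only stated basis for `(unimportant)`, while the entry's own description line calls the bug a Use After Free. Say in the NOTE what was checked to conclude that it ends in a crash only, for instance by pointing at the part of the huntr report or upstream commit already listed that supports it, so the downgrade can be verified.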
@@ -20003,10 +20005,11 @@ CVE-2022-2864 (The demon image annotation plugin for WordPress is vulnerable to
CVE-2022-2863 (The Migration, Backup, Staging WordPress plugin before 0.9.76 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2862 (Use After Free in GitHub repository vim/vim prior to 9.0.0221. ...)
- - vim 2:9.0.0229-1
+ - vim 2:9.0.0229-1 (unimportant)
[buster] - vim <not-affected> (The vulnerable code was introduced later)
NOTE: https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765
NOTE: https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494 (v9.0.0221)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2861 (Inappropriate implementation in Extensions API in Google Chrome prior ...)
{DSA-5212-1}
- chromium 104.0.5112.101-1
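Review bot: the changed line under CVE-2022-2862 is the suite-less `- vim 2:9.0.0229-1` entry, so `(unimportant)` applies to every suite, which the commit message `bullseye triage` does not convey. Mention the vim severity change in the message, or split it into its own commit, so the history shows when and why the rating was set.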
@@ -20290,10 +20293,11 @@ CVE-2022-2821 (Missing Critical Step in Authentication in GitHub repository name
CVE-2022-2820 (Improper Access Control in GitHub repository namelessmc/nameless prior ...)
NOT-FOR-US: NamelessMC/Nameless
CVE-2022-2819 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
- - vim 2:9.0.0229-1
+ - vim 2:9.0.0229-1 (unimportant)
[buster] - vim <not-affected> (The vulnerable code was introduced later)
NOTE: https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59
NOTE: https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889 (v9.0.0211)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-2818 (Authentication Bypass by Primary Weakness in GitHub repository cockpit ...)
NOT-FOR-US: Cockpit-HQ/Cockpit
CVE-2022-38305 (AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vuln ...)
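Review bot: under CVE-2022-2819 the `NOTE: Crash in CLI tool, no security impact` rationale is applied to a bug described as a Heap-based Buffer Overflow, with the same wording used for the two Use After Free entries in this commit. A per-CVE rationale (what the overflow touches and why that stays a crash) would be more convincing here than a shared one-liner.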
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e1b50cbbbf564362adeec21bc0cdf185cbcef3e