[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Nov 14 09:45:14 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f5311755 by Moritz Muehlenhoff at 2022-11-14T10:35:38+01:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6,10 +6,12 @@ CVE-2022-45199 (Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL
NOTE: https://github.com/python-pillow/Pillow/pull/6700
CVE-2022-45198 (Pillow before 9.2.0 performs Improper Handling of Highly Compressed GI ...)
- pillow 9.2.0-1
+ [bullseye] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4 (9.2.0)
NOTE: https://github.com/python-pillow/Pillow/pull/6402
CVE-2022-3979 (A vulnerability was found in NagVis up to 1.9.33 and classified as pro ...)
- nagvis 1:1.9.34-1
+ [bullseye] - nagvis <no-dsa> (Minor issue)
NOTE: https://github.com/NagVis/nagvis/commit/7574fd8a2903282c2e0d1feef5c4876763db21d5 (nagvis-1.9.34)
CVE-2022-3978 (A vulnerability, which was classified as problematic, was found in Nod ...)
TODO: check
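Review bot: Both added lines, for CVE-2022-45198 and CVE-2022-3979, give only the generic reason `<no-dsa> (Minor issue)`. This leaves nothing for whoever revisits the entries at a point release to judge whether a fix is worth queuing. A reason specific to each issue in the parentheses, or a short NOTE next to the existing upstream commit links, would record why bullseye is not getting a DSA.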
@@ -64660,10 +64662,10 @@ CVE-2022-0214 (The Popup | Custom Popup Builder WordPress plugin before 1.3.1 au
NOT-FOR-US: WordPress plugin
CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...)
{DLA-3182-1 DLA-2947-1}
- - vim 2:8.2.4659-1
- [bullseye] - vim <no-dsa> (Minor issue)
+ - vim 2:8.2.4659-1 (unimportant)
NOTE: https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed
NOTE: Fixed by: https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 (v8.2.4074)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-0212 (The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0211 (The Shield Security WordPress plugin before 13.0.6 does not sanitise a ...)
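Review bot: CVE-2022-0213 still carries `{DLA-3182-1 DLA-2947-1}` directly above the line now marked `(unimportant)`, and the added NOTE says "no security impact". As written, the entry says both that advisories were issued for it and that it has no security impact. Extending the NOTE to say the fix was included in those DLAs but is not considered security relevant would make the record self-consistent.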
@@ -66031,12 +66033,12 @@ CVE-2021-23154 (In Lens prior to 5.3.4, custom helm chart configuration creates
CVE-2022-0159 (orchardcore is vulnerable to Improper Neutralization of Input During W ...)
NOT-FOR-US: orchardcore
CVE-2022-0158 (vim is vulnerable to Heap-based Buffer Overflow ...)
- - vim 2:8.2.4659-1
- [bullseye] - vim <no-dsa> (Minor issue)
+ - vim 2:8.2.4659-1 (unimportant)
[buster] - vim <not-affected> (The vulnerable code was introduced later)
[stretch] - vim <not-affected> (The vulnerable code was introduced later)
NOTE: https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b/
NOTE: https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39 (v8.2.4049)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-0157 (phoronix-test-suite is vulnerable to Improper Neutralization of Input ...)
- phoronix-test-suite <removed>
CVE-2022-22848
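Review bot: The added NOTE for CVE-2022-0158, "Crash in CLI tool, no security impact", does not say why an issue described as a heap-based buffer overflow is limited to a crash. The same string is also used for the other vim entries in this commit. A few words on the reasoning, or a pointer to where that assessment is documented, would let a later reader verify the `(unimportant)` tag rather than take it on trust.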
@@ -66098,12 +66100,10 @@ CVE-2021-46164 (Zoho ManageEngine Desktop Central before 10.0.662 allows remote
CVE-2021-46163 (Kentico Xperience 13.0.44 allows XSS via an XML document to the Media ...)
NOT-FOR-US: Kentico Xperience CMS
CVE-2022-0156 (vim is vulnerable to Use After Free ...)
- - vim 2:8.2.4659-1
- [bullseye] - vim <no-dsa> (Minor issue)
- [buster] - vim <no-dsa> (Minor issue)
- [stretch] - vim <no-dsa> (Minor issue)
+ - vim 2:8.2.4659-1 (unimportant)
NOTE: https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36
NOTE: https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f (v8.2.4040)
+ NOTE: Crash in CLI tool, no security impact
CVE-2022-22827 (storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an in ...)
{DSA-5073-1 DLA-2904-1}
- expat 2.4.3-1 (bug #1003474)
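Review bot: For CVE-2022-0156 the removed lines include the `[buster]` and `[stretch]` `<no-dsa>` entries, not only the `[bullseye]` one. The status of those releases therefore changes too, while the commit message says only "bullseye triage". Mentioning the vim reclassification to `(unimportant)` in the commit message would make this easier to find in the history.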
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5311755dd15aa1f9b32c7030fb46b1931cd5dbf