[Git][security-tracker-team/security-tracker][master] bullseye triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Nov 18 12:08:43 GMT 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7cc7c9f5 by Moritz Muehlenhoff at 2022-11-18T13:08:06+01:00
bullseye triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7611,6 +7611,7 @@ CVE-2022-43706
CVE-2022-43705 [malicious OCSP responder could forge OCSP responses]
RESERVED
- botan 2.19.3+dfsg-1
+ [bullseye] - botan <no-dsa> (Minor issue)
NOTE: https://github.com/randombit/botan/security/advisories/GHSA-4v9w-qvcq-6q7w
NOTE: https://github.com/randombit/botan/commit/fd83d9e262f63fb673e4c13ca37e5b768e41e812 (2.19.3)
NOTE: https://github.com/randombit/botan/commit/4e35073ff356e37c3adcf1ff3522e9d0d48c765f (2.19.3)
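Review bot: the added `[bullseye] - botan <no-dsa> (Minor issue)` line gives only the stock reason, while the entry title says a malicious OCSP responder could forge OCSP responses. Suggest a NOTE under this entry recording what makes that minor for bullseye, so the decision can be re-checked against the linked advisory without redoing the analysis.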
@@ -61584,10 +61585,10 @@ CVE-2022-0444 (The Backup, Restore and Migrate WordPress Sites With the XCloner
NOT-FOR-US: WordPress plugin
CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
{DLA-3182-1 DLA-3011-1}
- - vim 2:8.2.4659-1
- [bullseye] - vim <no-dsa> (Minor issue)
+ - vim 2:8.2.4659-1 (unimportant)
NOTE: https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51
NOTE: https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461 (v8.2.4281)
+ NOTE: Crash in CLI tool, no security issue
CVE-2022-0442 (The UsersWP WordPress plugin before 1.2.3.1 is missing access controls ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0441 (The MasterStudy LMS WordPress plugin before 2.7.6 does to validate som ...)
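Review bot: the new `NOTE: Crash in CLI tool, no security issue` under CVE-2022-0443 does not say why the use-after-free named in the description is limited to a crash. Suggest the note point at the basis for the downgrade, for instance the relevant part of the huntr report or upstream commit already linked in the entry, since `(unimportant)` replaces the per-release `<no-dsa>` line and now covers every suite.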
@@ -62126,10 +62127,10 @@ CVE-2022-0414 (Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.
- dolibarr <removed>
CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
{DLA-3182-1 DLA-3011-1}
- - vim 2:8.2.4659-1
- [bullseye] - vim <no-dsa> (Minor issue)
+ - vim 2:8.2.4659-1 (unimportant)
NOTE: https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38
NOTE: https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a (v8.2.4253)
+ NOTE: Crash in CLI tool, no security issue
CVE-2022-0412 (The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooComm ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0411 (The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and ...)
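Review bot: CVE-2022-0413 keeps `{DLA-3182-1 DLA-3011-1}` while the added lines mark it `(unimportant)` with `no security issue`, so the entry now reads as both fixed by two advisories and not a security issue. If that is intended, a short NOTE acknowledging the existing DLAs would keep it from being read as a data error later.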
@@ -62163,17 +62164,17 @@ CVE-2022-0409 (Unrestricted Upload of File with Dangerous Type in Packagist show
NOT-FOR-US: ShowDoc
CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
{DLA-3182-1 DLA-2947-1}
- - vim 2:8.2.4659-1
- [bullseye] - vim <no-dsa> (Minor issue)
+ - vim 2:8.2.4659-1 (unimportant)
NOTE: https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d
NOTE: https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31 (v8.2.4247)
+ NOTE: Crash in CLI tool, no security issue
CVE-2022-0407 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
- - vim 2:8.2.4659-1
- [bullseye] - vim <no-dsa> (Minor issue)
+ - vim 2:8.2.4659-1 (unimportant)
[buster] - vim <not-affected> (The vulnerable code is not present)
[stretch] - vim <not-affected> (The vulnerable code is not present)
NOTE: https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c
NOTE: https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e (v8.2.4219)
+ NOTE: Crash in CLI tool, no security issue
CVE-2022-24112 (An attacker can abuse the batch-requests plugin to send requests to by ...)
NOT-FOR-US: Apache APISIX
CVE-2022-0406 (Improper Authorization in GitHub repository janeczku/calibre-web prior ...)
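Review bot: the identical `NOTE: Crash in CLI tool, no security issue` is added to CVE-2022-0408 and CVE-2022-0407, whose descriptions are a stack-based and a heap-based buffer overflow, without a per-issue reason. Suggest wording each note for its own issue, and confirm that the `[buster]` and `[stretch]` `<not-affected>` lines under CVE-2022-0407 are still wanted next to `- vim 2:8.2.4659-1 (unimportant)`.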
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cc7c9f5537e1adfe0f913407ad2a39bc41b82bb