[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Nov 23 11:29:23 GMT 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70450616 by Moritz Muehlenhoff at 2022-11-23T12:29:05+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10,6 +10,7 @@ CVE-2022-4122
 	RESERVED
 CVE-2021-46854 (mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS ...)
 	- proftpd-dfsg 1.3.7c+dfsg-1
+	[bullseye] - proftpd-dfsg <no-dsa> (Minor issue)
 	NOTE: https://github.com/proftpd/proftpd/issues/1284
 	NOTE: https://github.com/proftpd/proftpd/pull/1285
 	NOTE: Fixed by: https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43 (v1.3.8rc2)
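Review bot: the new `[bullseye] - proftpd-dfsg <no-dsa> (Minor issue)` line carries no NOTE explaining the rating, whereas the vim entries touched by the same commit each get a `NOTE: Crash in CLI tool, no security impact` line; a one-line rationale for why this memory disclosure is minor in bullseye would help whoever re-triages it. Separately, the fix commit is tagged `(v1.3.8rc2)` while the description says "before 1.3.7c" and the fixed Debian version is `1.3.7c+dfsg-1`, so a short note confirming that 1.3.7c already contains that commit would remove the apparent mismatch.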
@@ -42870,10 +42871,10 @@ CVE-2022-1721 (Path Traversal in WellKnownServlet in GitHub repository jgraph/dr
 	NOT-FOR-US: jgraph/drawio
 CVE-2022-1720 (Buffer Over-read in function grab_file_name in GitHub repository vim/v ...)
 	{DLA-3182-1 DLA-3053-1}
-	- vim 2:9.0.0135-1 (bug #1015984)
-	[bullseye] - vim <no-dsa> (Minor issue)
+	- vim 2:9.0.0135-1 (bug #1015984; unimportant)
 	NOTE: https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8
 	NOTE: https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c (v8.2.4956)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-1719 (Reflected XSS on ticket filter function in GitHub repository polonel/t ...)
 	NOT-FOR-US: Trudesk
 CVE-2022-1718 (The trudesk application allows large characters to insert in the input ...)
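Review bot: the added `NOTE: Crash in CLI tool, no security impact` does not match the issue class in the CVE title, which is a "Buffer Over-read" rather than a crash; since the hunk also drops `[bullseye] - vim <no-dsa> (Minor issue)` in favour of a global `unimportant` tag on the fixed-version line, the note is now the only justification left for bullseye and should describe why an over-read has no security impact here (or point at an analysis beyond the fix commit) rather than restating a generic symptom.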
@@ -44485,11 +44486,10 @@ CVE-2022-1622 (LibTIFF master branch has an out-of-bounds read in LZWDecode in l
 	NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410
 CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub repository vim ...)
 	{DLA-3011-1}
-	- vim 2:9.0.0135-1 (bug #1015984)
-	[bullseye] - vim <no-dsa> (Minor issue)
-	[buster] - vim <no-dsa> (Minor issue)
+	- vim 2:9.0.0135-1 (bug #1015984; unimportant)
 	NOTE: https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb
 	NOTE: https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b (v8.2.4919)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2018-25033 (ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_ ...)
 	{DLA-3019-1}
 	- admesh 0.98.4-2 (bug #1010770)
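Review bot: `unimportant` now sits directly under `{DLA-3011-1}`, i.e. an LTS advisory was already issued for this heap buffer overflow, and the only stated basis is `NOTE: Crash in CLI tool, no security impact`; a heap overflow is a different class from the NULL pointer dereference in CVE-2022-1620 that carries the identical note, so spelling out the reasoning here would keep the rating from reading as a contradiction of the DLA. Dropping the `[buster] - vim <no-dsa> (Minor issue)` line is consistent with that DLA marker, since buster was in fact fixed.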
@@ -44504,11 +44504,10 @@ CVE-2022-1620 (NULL Pointer Dereference in function vim_regexec_string at regexp
 	NOTE: Crash in CLI tool, no security impact
 CVE-2022-1619 (Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub r ...)
 	{DLA-3011-1}
-	- vim 2:9.0.0135-1 (bug #1015984)
-	[bullseye] - vim <no-dsa> (Minor issue)
-	[buster] - vim <no-dsa> (Minor issue)
+	- vim 2:9.0.0135-1 (bug #1015984; unimportant)
 	NOTE: https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450
 	NOTE: https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe (v8.2.4899)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-1618
 	RESERVED
 CVE-2022-1617
@@ -46905,11 +46904,11 @@ CVE-2022-1422 (The Discy WordPress theme before 5.2 does not check for CSRF toke
 CVE-2022-1421 (The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX ac ...)
 	NOT-FOR-US: WordPress theme
 CVE-2022-1420 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior  ...)
-	- vim 2:8.2.4793-1
-	[bullseye] - vim <no-dsa> (Minor issue)
+	- vim 2:8.2.4793-1 (unimportant)
 	[buster] - vim <not-affected> (method call operator -> introduced in 8.1.1803)
 	NOTE: https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326
 	NOTE: https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca (v8.2.4774)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2021-46784 (In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due ...)
 	{DSA-5171-1}
 	- squid 5.6-1
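Review bot: the retained `[buster] - vim <not-affected> (method call operator -> introduced in 8.1.1803)` line is exactly the kind of per-release reasoning that bullseye loses in this hunk: after removing `[bullseye] - vim <no-dsa> (Minor issue)`, bullseye is covered only by the global `(unimportant)` tag and the generic `Crash in CLI tool` note. For an out-of-range pointer offset, one sentence on why a crash is the worst case would make the downgrade verifiable later without re-reading the upstream commit.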
@@ -51061,10 +51060,10 @@ CVE-2022-1155 (Old sessions are not blocked by the login enable function. in Git
 	- snipe-it <itp> (bug #1005172)
 CVE-2022-1154 (Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8 ...)
 	{DLA-3182-1 DLA-3011-1}
-	- vim 2:8.2.4659-1
-	[bullseye] - vim <no-dsa> (Minor issue)
+	- vim 2:8.2.4659-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425
 	NOTE: https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5 (v8.2.4646)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-1153 (The LayerSlider WordPress plugin before 7.1.2 does not sanitise and es ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1152 (The Menubar WordPress plugin before 5.8 does not sanitise and escape t ...)
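Review bot: `Crash in CLI tool, no security impact` is a strong claim for a use-after-free (the CVE title), and the note gives only the conclusion; with both `DLA-3182-1` and `DLA-3011-1` already listed for this CVE, recording the actual basis for `unimportant` in the NOTE would prevent the entry from reading as an issued-advisory issue downgraded without explanation.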



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7045061679c18af52315a87c63b075f076a93abc
