[Git][security-tracker-team/security-tracker][master] Reserve DLA-3204-1 for vim

Helmut Grohne (@helmutg) helmutg at debian.org
Thu Nov 24 09:17:26 GMT 2022



Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c56dcc47 by Helmut Grohne at 2022-11-24T10:17:12+01:00
Reserve DLA-3204-1 for vim

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -38291,7 +38291,6 @@ CVE-2022-29890 (In affected versions of Octopus Server the help sidebar can be c
 CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
 	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
-	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0
 	NOTE: https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5 (v8.2.5063)
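Review bot: the commit message says only "Reserve DLA-3204-1 for vim", but the deleted `[buster] - vim <no-dsa> (Minor issue)` line under CVE-2022-2000 reverses an earlier triage decision for buster, and the same deletion repeats under CVE-2022-1942, CVE-2022-1897, CVE-2022-1785 and CVE-2022-0392 in the hunks that follow. A line in the commit body stating that the buster no-dsa markers are dropped because these CVEs are fixed by the DLA would make the history easier to audit. After the deletion, the buster fix for these entries is recorded only through the DLA-3204-1 entry in data/DLA/list, so each of the five ids has to appear in that entry's brace list; all five do.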
@@ -40093,7 +40092,6 @@ CVE-2022-1943 (A flaw out of bounds memory write in the Linux kernel UDF file sy
 CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...)
 	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
-	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071
 	NOTE: https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d (v8.2.5043)
@@ -40507,7 +40505,6 @@ CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
 CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. ...)
 	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
-	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <postponed> (Minor issue)
 	NOTE: https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118
 	NOTE: https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a (v8.2.5023)
@@ -42683,7 +42680,6 @@ CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel’s io_ur
 CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. ...)
 	- vim 2:9.0.0135-1 (bug #1015984)
 	[bullseye] - vim <no-dsa> (Minor issue)
-	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109
 	NOTE: https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839 (v8.2.4977)
@@ -63500,7 +63496,6 @@ CVE-2022-21154 (An integer overflow vulnerability exists in the fltSaveCMP funct
 CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. ...)
 	- vim 2:8.2.4659-1
 	[bullseye] - vim <no-dsa> (Minor issue)
-	[buster] - vim <no-dsa> (Minor issue)
 	[stretch] - vim <not-affected> (vulnerable code was introduced later)
 	NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126
 	NOTE: https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a (v8.2.4218)
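Review bot: under CVE-2022-0392 the stretch line that stays in place reads `<not-affected> (vulnerable code was introduced later)`, so it is worth stating explicitly that the 8.1.0875 base shipped in buster already contains the vulnerable code before the buster line is dropped in favour of the DLA. If buster is affected, a NOTE naming the upstream change that introduced the code would document why buster differs from stretch. If it is not, the buster line should become `<not-affected>` and the id should come out of the DLA-3204-1 brace list.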


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 Nov 2022] DLA-3204-1 vim - security update
+	{CVE-2022-0318 CVE-2022-0392 CVE-2022-0629 CVE-2022-0696 CVE-2022-1619 CVE-2022-1621 CVE-2022-1785 CVE-2022-1897 CVE-2022-1942 CVE-2022-2000 CVE-2022-2129 CVE-2022-3235 CVE-2022-3256 CVE-2022-3352}
+	[buster] - vim 2:8.1.0875-5+deb10u4
 [23 Nov 2022] DLA-3203-1 nginx - security update
 	{CVE-2021-3618 CVE-2022-41741 CVE-2022-41742}
 	[buster] - nginx 1.14.2-2+deb10u5
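Review bot: the brace list names 14 CVE ids, but the data/CVE/list hunks in this commit remove a `[buster]` line for only five of them (CVE-2022-0392, CVE-2022-1785, CVE-2022-1897, CVE-2022-1942, CVE-2022-2000). For the other nine (CVE-2022-0318, CVE-2022-0629, CVE-2022-0696, CVE-2022-1619, CVE-2022-1621, CVE-2022-2129, CVE-2022-3235, CVE-2022-3256, CVE-2022-3352), check that data/CVE/list carries no leftover `[buster] - vim <no-dsa>` or `<postponed>` line, since such a line would contradict the fixed version `2:8.1.0875-5+deb10u4` recorded here.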


=====================================
data/dla-needed.txt
=====================================
@@ -339,10 +339,6 @@ varnish
   NOTE: 20221109: Programming language: C.
   NOTE: 20221109: First DLA, 3 minor CVEs to fix (Beuc/front-desk)
 --
-vim (Helmut)
-  NOTE: 20221108: Programming language: C.
-  NOTE: 20221108: VCS: https://salsa.debian.org/lts-team/packages/vim.git
---
 virglrenderer (Thorsten Alteholz)
   NOTE: 20221009: Programming language: C.
 --
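Review bot: the removed vim block is the only place in this diff that records the claimant and the packaging repository (`NOTE: 20221108: VCS: https://salsa.debian.org/lts-team/packages/vim.git`), and the subject line describes the DLA as reserved rather than released, so after this change nothing in dla-needed.txt shows that the vim update is still in progress. A sentence in the commit body saying that the upload is done or imminent would cover that. The deletion takes the entry's own `--` separator with it, so the varnish and virglrenderer blocks remain correctly delimited.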



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c56dcc47493e0659506a4d7cc7f5ff079beac948
