[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Nov 24 09:52:33 GMT 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
778bff91 by Moritz Muehlenhoff at 2022-11-24T10:51:59+01:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -16240,9 +16240,10 @@ CVE-2022-40755 (JasPer 3.0.6 allows denial of service via a reachable assertion
 	NOTE: https://github.com/jasper-software/jasper/issues/338
 CVE-2022-3234 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
 	{DLA-3182-1}
-	- vim 2:9.0.0626-1
+	- vim 2:9.0.0626-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da/
 	NOTE: https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d (v9.0.0483)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-40754 (In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in t ...)
 	- airflow <itp> (bug #819700)
 CVE-2022-40753 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
@@ -20604,11 +20605,11 @@ CVE-2022-3038 (Use after free in Network Service in Google Chrome prior to 105.0
 	- chromium 105.0.5195.52-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3037 (Use After Free in GitHub repository vim/vim prior to 9.0.0322. ...)
-	- vim 2:9.0.0626-1 (bug #1019590)
-	[bullseye] - vim <no-dsa> (Minor issue)
+	- vim 2:9.0.0626-1 (bug #1019590; unimportant)
 	[buster] - vim <not-affected> (quickfixtextfunc added in 8.2.0869)
 	NOTE: https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5
 	NOTE: https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb (v9.0.0322)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-3036 (The Gettext override translations WordPress plugin before 2.0.0 does n ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-3035 (Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-i ...)
@@ -21416,11 +21417,11 @@ CVE-2022-2984 (In jpg driver, there is a possible out of bounds write due to a m
 CVE-2022-2983
 	RESERVED
 CVE-2022-2982 (Use After Free in GitHub repository vim/vim prior to 9.0.0260. ...)
-	- vim 2:9.0.0626-1 (bug #1019590)
-	[bullseye] - vim <no-dsa> (Minor issue)
+	- vim 2:9.0.0626-1 (bug #1019590; unimportant)
 	[buster] - vim <not-affected> (quickfixtextfunc added in 8.2.0869)
 	NOTE: https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be
 	NOTE: https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420 (v9.0.0260)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2981 (The Download Monitor WordPress plugin before 4.5.98 does not ensure th ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2980 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.025 ...)
@@ -21696,10 +21697,10 @@ CVE-2022-38648 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apa
 	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903625
 CVE-2022-2946 (Use After Free in GitHub repository vim/vim prior to 9.0.0246. ...)
 	{DLA-3182-1}
-	- vim 2:9.0.0626-1 (bug #1019590)
-	[bullseye] - vim <no-dsa> (Minor issue)
+	- vim 2:9.0.0626-1 (bug #1019590; unimportant)
 	NOTE: https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5
 	NOTE: https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c (v9.0.0246)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2945 (The WordPress Infinite Scroll – Ajax Load More plugin for WordPr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-2944
@@ -31930,10 +31931,10 @@ CVE-2022-34894 (In JetBrains Hub before 2022.2.14799, insufficient access contro
 	NOT-FOR-US: JetBrains Hub
 CVE-2022-2285 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
 	{DLA-3182-1}
-	- vim 2:9.0.0135-1 (bug #1015984)
-	[bullseye] - vim <no-dsa> (Minor issue)
+	- vim 2:9.0.0135-1 (bug #1015984; unimportant)
 	NOTE: https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736/
 	NOTE: https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe (v9.0.0018)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2022-2284 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
 	- vim 2:9.0.0135-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/571d25ce-8d53-4fa0-b620-27f2a8a14874/


=====================================
data/dsa-needed.txt
=====================================
@@ -68,3 +68,5 @@ sox
 --
 tiff
 --
+xfce4-settings (Corsac)
+--



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/778bff91172866ad880639e69977d7e1f83944f0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/778bff91172866ad880639e69977d7e1f83944f0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221124/06e61758/attachment.htm>

More information about the debian-security-tracker-commits mailing list