[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-2426,vim: Buster, not-affected
Markus Koschany (@apo)
apo at debian.org
Mon Jun 12 18:37:50 BST 2023
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1bf72b36 by Markus Koschany at 2023-06-12T19:36:38+02:00
CVE-2023-2426,vim: Buster, not-affected
The vulnerable code was introduced later
- - - - -
c57e728a by Markus Koschany at 2023-06-12T19:37:33+02:00
Reserve DLA-3453-1 for vim
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3031,7 +3031,6 @@ CVE-2023-2610 (Integer Overflow or Wraparound in GitHub repository vim/vim prior
- vim <unfixed> (bug #1035955)
[bookworm] - vim <no-dsa> (Minor issue)
[bullseye] - vim <no-dsa> (Minor issue)
- [buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d
NOTE: https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a (v9.0.1532)
CVE-2023-32216
@@ -3397,7 +3396,7 @@ CVE-2023-2428 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten
CVE-2023-2426 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
- vim 2:9.0.1378-2 (bug #1035323)
[bullseye] - vim <no-dsa> (Minor issue)
- [buster] - vim <no-dsa> (Minor issue)
+ [buster] - vim <not-affected> (The vulnerable code was introduced later)
NOTE: https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425
NOTE: https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b (v9.0.1499)
CVE-2023-31485 (GitLab::API::v4 through 0.26 does not verify TLS certificates when con ...)
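Review bot: the added `[buster] - vim <not-affected> (The vulnerable code was introduced later)` line gives no reference for when the code was introduced. The entry's only commit NOTE is the fix (v9.0.1499). A NOTE naming the introducing commit or patch version would let a reader check the claim against the buster package, which the data/DLA/list hunk shows is based on 8.1.0875.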
@@ -15012,7 +15011,6 @@ CVE-2023-1176 (Absolute Path Traversal in GitHub repository mlflow/mlflow prior
CVE-2023-1175 (Incorrect Calculation of Buffer Size in GitHub repository vim/vim prio ...)
- vim 2:9.0.1378-1
[bullseye] - vim <no-dsa> (Minor issue)
- [buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e
NOTE: https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba (v9.0.1378)
CVE-2022-4930 (A vulnerability classified as problematic was found in nuxsmin sysPass ...)
@@ -30051,7 +30049,6 @@ CVE-2023-22603
CVE-2023-0054 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.)
- vim 2:9.0.1378-1 (bug #1031875)
[bullseye] - vim <no-dsa> (Minor issue)
- [buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d
NOTE: https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30088256360435f7731 (v9.0.1145)
CVE-2023-0053 (SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 ...)
@@ -39347,7 +39344,6 @@ CVE-2022-4142 (The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6
CVE-2022-4141 (Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing a ...)
- vim 2:9.0.1000-1 (bug #1027146)
[bullseye] - vim <no-dsa> (Minor issue)
- [buster] - vim <postponed> (Minor issue)
NOTE: https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f
NOTE: https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 (v9.0.0947)
CVE-2022-4140 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[12 Jun 2023] DLA-3453-1 vim - security update
+ {CVE-2022-4141 CVE-2023-0054 CVE-2023-1175 CVE-2023-2610}
+ [buster] - vim 2:8.1.0875-5+deb10u5
[12 Jun 2023] DLA-3452-1 thunderbird - security update
{CVE-2023-34414 CVE-2023-34416}
[buster] - thunderbird 1:102.12.0-1~deb10u1
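Review bot: the CVE set on the added `{CVE-2022-4141 CVE-2023-0054 CVE-2023-1175 CVE-2023-2610}` line has to match the `[buster]` triage lines removed in data/CVE/list exactly, because it is now the only record of what the buster upload fixes. It does match the four removals visible in this diff, and CVE-2023-2426 is correctly left out given its new <not-affected> status. It is worth confirming that no other vim entry outside this diff still carries a buster <no-dsa> or <postponed> line while being fixed by 2:8.1.0875-5+deb10u5.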
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bd770997d1c66919f1ae1784ba67d2c6aa299ea8...c57e728a31ddd1fee96eadd13cc735a49169f1f9