[Git][security-tracker-team/security-tracker][master] Track more vim fixes via unstable upload

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2352f76 by Salvatore Bonaccorso at 2023-03-05T08:54:28+01:00
Track more vim fixes via unstable upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -143,7 +143,7 @@ CVE-2023-1172
 CVE-2023-1171
 	RESERVED
 CVE-2023-1170 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
-	- vim <unfixed>
+	- vim 2:9.0.1378-1
 	NOTE: https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4
 	NOTE: https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c (v9.0.1376)
 CVE-2023-1169
@@ -587,7 +587,7 @@ CVE-2023-1129
 CVE-2023-1128
 	RESERVED
 CVE-2023-1127 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. ...)
-	- vim <unfixed> (unimportant)
+	- vim 2:9.0.1378-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb
 	NOTE: https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c (v9.0.1367)
 	NOTE: Crash in CLI tool, no security impact
@@ -8372,7 +8372,7 @@ CVE-2023-0514
 CVE-2023-0513 (A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 a ...)
 	NOT-FOR-US: isoftforce Dreamer CMS
 CVE-2023-0512 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. ...)
-	- vim <unfixed> (unimportant)
+	- vim 2:9.0.1378-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74
 	NOTE: https://github.com/vim/vim/commit/870219c58c0804bdc55419b2e455c06ac715a835 (v9.0.1247)
 	NOTE: Crash in CLI tool, no security impact
@@ -9638,7 +9638,7 @@ CVE-2023-0434 (Improper Input Validation in GitHub repository pyload/pyload prio
 CVE-2023-24054
 	REJECTED
 CVE-2023-0433 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
-	- vim <unfixed> (unimportant)
+	- vim 2:9.0.1378-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/
 	NOTE: https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b (v9.0.1225)
 	NOTE: Crash in CLI tool, no security impact
@@ -11204,7 +11204,7 @@ CVE-2023-0290 (Rapid7 Velociraptor did not properly sanitize the client ID param
 CVE-2023-0289 (Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webc ...)
 	NOT-FOR-US: craigk5n/webcalendar
 CVE-2023-0288 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
-	- vim <unfixed> (unimportant)
+	- vim 2:9.0.1378-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3
 	NOTE: https://github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a (v9.0.1189)
 	NOTE: Crash in CLI tool, no security impact
@@ -14239,7 +14239,7 @@ CVE-2023-22604
 CVE-2023-22603
 	REJECTED
 CVE-2023-0054 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. ...)
-	- vim <unfixed> (bug #1031875)
+	- vim 2:9.0.1378-1 (bug #1031875)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d
@@ -14249,14 +14249,14 @@ CVE-2023-0053 (SAUTER Controls Nova 200–220 Series with firmware version 3
 CVE-2023-0052 (SAUTER Controls Nova 200–220 Series with firmware version 3.3-00 ...)
 	NOT-FOR-US: SAUTER
 CVE-2023-0051 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
-	- vim <unfixed> (unimportant)
+	- vim 2:9.0.1378-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9
 	NOTE: https://github.com/vim/vim/commit/c32949b0779106ed5710ae3bffc5053e49083ab4 (v9.0.1144)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2023-0050
 	RESERVED
 CVE-2023-0049 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. ...)
-	- vim <unfixed> (unimportant)
+	- vim 2:9.0.1378-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9
 	NOTE: https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c (v9.0.1143)
 	NOTE: Crash in CLI tool, no security impact



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2352f7600dcff329e7c0a06755910c2c05fdf1b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2352f7600dcff329e7c0a06755910c2c05fdf1b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230305/bb0c4967/attachment-0001.htm>