[Git][security-tracker-team/security-tracker][master] Track more vim fixes via unstable upload
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Mar 5 07:55:06 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b2352f76 by Salvatore Bonaccorso at 2023-03-05T08:54:28+01:00
Track more vim fixes via unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -143,7 +143,7 @@ CVE-2023-1172
CVE-2023-1171
RESERVED
CVE-2023-1170 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
- - vim <unfixed>
+ - vim 2:9.0.1378-1
NOTE: https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4
NOTE: https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c (v9.0.1376)
CVE-2023-1169
@@ -587,7 +587,7 @@ CVE-2023-1129
CVE-2023-1128
RESERVED
CVE-2023-1127 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.1378-1 (unimportant)
NOTE: https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb
NOTE: https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c (v9.0.1367)
NOTE: Crash in CLI tool, no security impact
@@ -8372,7 +8372,7 @@ CVE-2023-0514
CVE-2023-0513 (A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 a ...)
NOT-FOR-US: isoftforce Dreamer CMS
CVE-2023-0512 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.1378-1 (unimportant)
NOTE: https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74
NOTE: https://github.com/vim/vim/commit/870219c58c0804bdc55419b2e455c06ac715a835 (v9.0.1247)
NOTE: Crash in CLI tool, no security impact
@@ -9638,7 +9638,7 @@ CVE-2023-0434 (Improper Input Validation in GitHub repository pyload/pyload prio
CVE-2023-24054
REJECTED
CVE-2023-0433 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.1378-1 (unimportant)
NOTE: https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/
NOTE: https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b (v9.0.1225)
NOTE: Crash in CLI tool, no security impact
@@ -11204,7 +11204,7 @@ CVE-2023-0290 (Rapid7 Velociraptor did not properly sanitize the client ID param
CVE-2023-0289 (Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webc ...)
NOT-FOR-US: craigk5n/webcalendar
CVE-2023-0288 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.1378-1 (unimportant)
NOTE: https://huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3
NOTE: https://github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a (v9.0.1189)
NOTE: Crash in CLI tool, no security impact
@@ -14239,7 +14239,7 @@ CVE-2023-22604
CVE-2023-22603
REJECTED
CVE-2023-0054 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. ...)
- - vim <unfixed> (bug #1031875)
+ - vim 2:9.0.1378-1 (bug #1031875)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d
@@ -14249,14 +14249,14 @@ CVE-2023-0053 (SAUTER Controls Nova 200–220 Series with firmware version 3
CVE-2023-0052 (SAUTER Controls Nova 200–220 Series with firmware version 3.3-00 ...)
NOT-FOR-US: SAUTER
CVE-2023-0051 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.1378-1 (unimportant)
NOTE: https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9
NOTE: https://github.com/vim/vim/commit/c32949b0779106ed5710ae3bffc5053e49083ab4 (v9.0.1144)
NOTE: Crash in CLI tool, no security impact
CVE-2023-0050
RESERVED
CVE-2023-0049 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.1378-1 (unimportant)
NOTE: https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9
NOTE: https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c (v9.0.1143)
NOTE: Crash in CLI tool, no security impact
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2352f7600dcff329e7c0a06755910c2c05fdf1b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2352f7600dcff329e7c0a06755910c2c05fdf1b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230305/bb0c4967/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list