[Git][security-tracker-team/security-tracker][master] vim fixed in sid

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4911d3cd by Moritz Muehlenhoff at 2023-09-11T22:39:34+02:00
vim fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -534,7 +534,7 @@ CVE-2023-29166 (A logic issue was addressed with improved state management. This
 CVE-2023-36851
 	NOT-FOR-US: Juniper
 CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
-	- vim <unfixed>
+	- vim 2:9.0.1894-1
 	[bookworm] - vim <no-dsa> (Minor issue)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883/
@@ -700,20 +700,20 @@ CVE-2023-4754 (Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-D
 	NOTE: https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0
 	NOTE: https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c
 CVE-2023-4752 (Use After Free in GitHub repository vim/vim prior to 9.0.1858.)
-	- vim <unfixed>
+	- vim 2:9.0.1894-1
 	[bookworm] - vim <no-dsa> (Minor issue)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757/
 	NOTE: https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139 (v9.0.1858)
 CVE-2023-4750 (Use After Free in GitHub repository vim/vim prior to 9.0.1857.)
-	- vim <unfixed> (unimportant)
+	- vim 2:9.0.1894-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea/
 	NOTE: https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed (v9.0.1857)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2023-4748 (A vulnerability, which was classified as critical, has been found in Y ...)
 	NOT-FOR-US: Yongyou UFIDA-NC
 CVE-2023-4733 (Use After Free in GitHub repository vim/vim prior to 9.0.1840.)
-	- vim <unfixed> (unimportant)
+	- vim 2:9.0.1894-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/
 	NOTE: https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c (v9.0.1840)
 	NOTE: Crash in CLI tool, no security impact
@@ -1006,7 +1006,7 @@ CVE-2023-32806 (In wlan driver, there is a possible out of bounds write due to i
 CVE-2023-32805 (In power, there is a possible out of bounds write due to an insecure d ...)
 	NOT-FOR-US: MediaTek
 CVE-2023-4751 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
-	- vim <unfixed> (unimportant)
+	- vim 2:9.0.1894-1 (unimportant)
 	NOTE: https://github.com/vim/vim/commit/e1121b139480f53d1b06f84f3e4574048108fa0b (v9.0.1331)
 	NOTE: https://huntr.dev/bounties/db7be8d6-6cb7-4ae5-9c4e-805423afa378
 	NOTE: Crash in CLI tool, no security impact
@@ -1051,7 +1051,7 @@ CVE-2023-37220 (Synel Terminals - CWE-494: Download of Code Without Integrity Ch
 CVE-2023-41180 (Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C ...)
 	NOT-FOR-US: Apache NiFi
 CVE-2023-4738 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
-	- vim <unfixed>
+	- vim 2:9.0.1894-1
 	[bookworm] - vim <no-dsa> (Minor issue)
 	[bullseye] - vim <no-dsa> (Minor issue)
 	[buster] - vim <no-dsa> (Minor issue)
@@ -1062,12 +1062,12 @@ CVE-2023-4736 (Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1
 	NOTE: https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71/
 	NOTE: https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c (v9.0.1833)
 CVE-2023-4735 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.)
-	- vim <unfixed> (unimportant)
+	- vim 2:9.0.1894-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51/
 	NOTE: https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57 (v9.0.1847)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2023-4734 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
-	- vim <unfixed> (unimportant)
+	- vim 2:9.0.1894-1 (unimportant)
 	NOTE: https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217/
 	NOTE: https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5 (v9.0.1846)
 	NOTE: Crash in CLI tool, no security impact
@@ -4795,7 +4795,7 @@ CVE-2023-4155
 	[buster] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/7588dbcebcbf0193ab5b76987396d0254270b04a
 CVE-2023-3896 (Divide By Zero in vim/vim from9.0.1367-1 to9.0.1367-3)
-	- vim <unfixed> (unimportant)
+	- vim 2:9.0.1894-1 (unimportant)
 	[buster] - vim <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/vim/vim/issues/12528
 	NOTE: https://github.com/vim/vim/pull/12540



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4911d3cd0241261fae2b047d21732cfa428503e0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4911d3cd0241261fae2b047d21732cfa428503e0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230911/3376abf5/attachment.htm>