[Git][security-tracker-team/security-tracker][master] Reserve DLA-4097-1 for vim
Sean Whitton (@spwhitton)
spwhitton at debian.org
Sun Mar 30 03:55:36 BST 2025
Sean Whitton pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b0474203 by Sean Whitton at 2025-03-30T10:55:23+08:00
Reserve DLA-4097-1 for vim
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -53652,7 +53652,6 @@ CVE-2024-47817 (Lara-zeus Dynamic Dashboard simple way to manage widgets for you
CVE-2024-47814 (Vim is an open source, command line text editor. A use-after-free was ...)
- vim 2:9.1.0777-1 (bug #1084806)
[bookworm] - vim 2:9.0.1378-2+deb12u1
- [bullseye] - vim <postponed> (Minor issue)
NOTE: https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg
NOTE: https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 (v9.1.0764)
CVE-2024-47782 (WikiDiscover is an extension designed for use with a CreateWiki manage ...)
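Review bot: once the `[bullseye] - vim <postponed> (Minor issue)` line under CVE-2024-47814 is dropped, this entry says nothing about bullseye, and unlike most of the other vim entries touched in this commit it has no `{DLA-...}` line yet. Its bullseye status now comes only from the DLA-4097-1 entry added in data/DLA/list, so confirm that a `{DLA-4097-1}` cross-reference shows up under this CVE after the next cross-reference update.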
@@ -62271,7 +62270,6 @@ CVE-2024-43806 (Rustix is a set of safe Rust bindings to POSIX-ish APIs. When us
CVE-2024-43802 (Vim is an improved version of the unix vi text editor. When flushing t ...)
- vim 2:9.1.0698-1
[bookworm] - vim 2:9.0.1378-2+deb12u1
- [bullseye] - vim <postponed> (Minor issue)
NOTE: https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh
NOTE: https://github.com/vim/vim/commit/322ba9108612bead5eb7731ccb66763dec69ef1b (v9.1.0697)
CVE-2024-43444 (Passwords of agents and customers are displayed in plain text in the O ...)
@@ -122744,7 +122742,6 @@ CVE-2024-23196 (A race condition was found in the Linux kernel's sound/hda devi
CVE-2024-22667 (Vim before 9.0.2142 has a stack-based buffer overflow because did_set_ ...)
- vim 2:9.0.2189-1
[bookworm] - vim 2:9.0.1378-2+deb12u1
- [bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
NOTE: https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 (v9.0.2142)
NOTE: https://gist.githubusercontent.com/henices/2467e7f22dcc2aa97a2453e197b55a0c/raw/7b54bccc9a129c604fb139266f4497ab7aaa94c7/gistfile1.txt
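Review bot: missing documentation under CVE-2024-22667. The backport detail for this CVE is recorded in the dla-needed.txt notes that this same commit removes: three sprintf call sites changed to snprintf (two in did_set_string_option, one in illegal_char), with the fourth call site in upstream's patch introduced later. Consider keeping that as a NOTE: line in this entry, next to the upstream commit link, so the difference from upstream's patch stays visible. The `[buster] - vim <no-dsa> (Minor issue)` line is rightly left as is.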
@@ -145695,7 +145692,6 @@ CVE-2023-5345 (A use-after-free vulnerability in the Linux kernel's fs/smb/clien
CVE-2023-5344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
- vim 2:9.0.2018-1 (bug #1053694)
[bookworm] - vim 2:9.0.1378-2+deb12u1
- [bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <postponed> (Minor issue, 1-byte overflow)
NOTE: https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04
NOTE: https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf
@@ -149539,7 +149535,6 @@ CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to
{DLA-3588-1}
- vim 2:9.0.1894-1
[bookworm] - vim 2:9.0.1378-2+deb12u1
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883/
NOTE: https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 (v9.0.1873)
CVE-2023-4778 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.)
@@ -149785,7 +149780,6 @@ CVE-2023-4752 (Use After Free in GitHub repository vim/vim prior to 9.0.1858.)
{DLA-3588-1}
- vim 2:9.0.1894-1
[bookworm] - vim 2:9.0.1378-2+deb12u1
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757/
NOTE: https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139 (v9.0.1858)
CVE-2023-4750 (Use After Free in GitHub repository vim/vim prior to 9.0.1857.)
@@ -150144,7 +150138,6 @@ CVE-2023-41180 (Incorrect certificate validation in InvokeHTTP on Apache NiFi Mi
CVE-2023-4738 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...)
- vim 2:9.0.1894-1
[bookworm] - vim 2:9.0.1378-2+deb12u1
- [bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue; intrusive and hard to backport and will need a rewrite)
NOTE: https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612/
NOTE: https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1 (v9.0.1848)
@@ -164326,7 +164319,6 @@ CVE-2023-2610 (Integer Overflow or Wraparound in GitHub repository vim/vim prior
{DLA-3453-1}
- vim 2:9.0.1658-1 (bug #1035955)
[bookworm] - vim 2:9.0.1378-2+deb12u1
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d
NOTE: https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a (v9.0.1532)
CVE-2023-32216 (Memory safety bugs present in Firefox 112. Some of these bugs showed ...)
@@ -176704,7 +176696,6 @@ CVE-2023-1176 (Absolute Path Traversal in GitHub repository mlflow/mlflow prior
CVE-2023-1175 (Incorrect Calculation of Buffer Size in GitHub repository vim/vim prio ...)
{DLA-3453-1}
- vim 2:9.0.1378-1
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e
NOTE: https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba (v9.0.1378)
CVE-2022-4930 (A vulnerability classified as problematic was found in nuxsmin sysPass ...)
@@ -192070,7 +192061,6 @@ CVE-2023-22603
CVE-2023-0054 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.)
{DLA-3453-1}
- vim 2:9.0.1378-1 (bug #1031875)
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d
NOTE: https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30088256360435f7731 (v9.0.1145)
CVE-2023-0053 (SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 ...)
@@ -201609,7 +201599,6 @@ CVE-2022-4142 (The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6
CVE-2022-4141 (Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing a ...)
{DLA-3453-1}
- vim 2:9.0.1000-1 (bug #1027146)
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f
NOTE: https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 (v9.0.0947)
CVE-2022-4140 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate ...)
@@ -216948,7 +216937,6 @@ CVE-2022-3325 (Improper access control in the GitLab CE/EE API affecting all ver
CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
{DLA-3182-1}
- vim 2:9.0.0626-1
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c/
NOTE: https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb (v9.0.0598)
CVE-2022-3323 (An SQL injection vulnerability in Advantech iView 5.7.04.6469. The spe ...)
@@ -220984,7 +220972,6 @@ CVE-2022-3135 (The SEO Smart Links WordPress plugin through 3.0.1 does not sanit
CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389.)
{DLA-3182-1}
- vim 2:9.0.0626-1 (bug #1019590)
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc
NOTE: https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e (v9.0.0389)
CVE-2022-39959 (Panini Everest Engine 2.0.4 allows unprivileged users to create a file ...)
@@ -222885,7 +222872,6 @@ CVE-2022-39198 (A deserialization vulnerability existed in dubbo hessian-lite 3.
CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360.)
{DLA-3182-1}
- vim 2:9.0.0626-1 (bug #1019590)
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e
NOTE: https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c (v9.0.0360)
CVE-2022-3098 (The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF ...)
@@ -234886,7 +234872,6 @@ CVE-2022-2305 (The WordPress Popup WordPress plugin through 1.9.3.8 does not san
CVE-2022-2304 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.)
{DLA-3182-1}
- vim 2:9.0.0135-1 (bug #1015984)
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a/
NOTE: https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939 (v9.0.0035)
CVE-2022-2303 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
@@ -237760,7 +237745,6 @@ CVE-2022-33980 (Apache Commons Configuration performs variable interpolation, al
CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.)
{DLA-3204-1}
- vim 2:9.0.0135-1 (bug #1015984)
- [bullseye] - vim <no-dsa> (Minor issue)
[stretch] - vim <postponed> (Minor issue)
NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352
NOTE: https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d (v8.2.5126)
@@ -241564,7 +241548,6 @@ CVE-2022-29890 (In affected versions of Octopus Server the help sidebar can be c
CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.)
{DLA-3204-1}
- vim 2:9.0.0135-1 (bug #1015984)
- [bullseye] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0
NOTE: https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5 (v8.2.5063)
@@ -243434,7 +243417,6 @@ CVE-2022-1943 (A flaw out of bounds memory write in the Linux kernel UDF file sy
CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
{DLA-3204-1}
- vim 2:9.0.0135-1 (bug #1015984)
- [bullseye] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071
NOTE: https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d (v8.2.5043)
@@ -243838,7 +243820,6 @@ CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2.)
CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.)
{DLA-3204-1}
- vim 2:9.0.0135-1 (bug #1015984)
- [bullseye] - vim <no-dsa> (Minor issue)
[stretch] - vim <postponed> (Minor issue)
NOTE: https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118
NOTE: https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a (v8.2.5023)
@@ -246024,7 +246005,6 @@ CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel\u2019s io_uri
CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.)
{DLA-3204-1}
- vim 2:9.0.0135-1 (bug #1015984)
- [bullseye] - vim <no-dsa> (Minor issue)
[stretch] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109
NOTE: https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839 (v8.2.4977)
@@ -248106,7 +248086,6 @@ CVE-2022-30321 (go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access v
CVE-2022-1616 (Use after free in append_command in GitHub repository vim/vim prior to ...)
{DLA-3182-1 DLA-3011-1}
- vim 2:9.0.0135-1 (bug #1015984)
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2
NOTE: https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c (v8.2.4895)
CVE-2022-30320 (Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Ri ...)
@@ -263947,7 +263926,6 @@ CVE-2022-0573 (JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Ins
CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
{DLA-3182-1 DLA-3011-1}
- vim 2:8.2.4659-1
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf
NOTE: https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f (v8.2.4359)
CVE-2022-0571 (Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-t ...)
@@ -266751,7 +266729,6 @@ CVE-2022-0418 (The Event List WordPress plugin before 0.8.8 does not sanitise an
CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.)
{DLA-3182-1 DLA-3053-1}
- vim 2:8.2.4659-1
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a/
NOTE: https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a (v8.2.4245)
CVE-2022-0416
@@ -267130,7 +267107,6 @@ CVE-2022-21154 (An integer overflow vulnerability exists in the fltSaveCMP funct
CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.)
{DLA-3204-1}
- vim 2:8.2.4659-1
- [bullseye] - vim <no-dsa> (Minor issue)
[stretch] - vim <not-affected> (vulnerable code was introduced later)
NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126
NOTE: https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a (v8.2.4218)
@@ -267660,7 +267636,6 @@ CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.)
CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
{DLA-3182-1 DLA-2947-1}
- vim 2:8.2.4659-1
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b
NOTE: https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 (v8.2.4215)
CVE-2022-0360 (The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress ...)
@@ -267668,7 +267643,6 @@ CVE-2022-0360 (The Easy Drag And drop All Import : WP Ultimate CSV Importer Word
CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
{DLA-3182-1 DLA-2947-1}
- vim 2:8.2.4659-1
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def
NOTE: https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 (v8.2.4214)
CVE-2022-0358 (A flaw was found in the QEMU virtio-fs shared file system daemon (virt ...)
@@ -267869,7 +267843,6 @@ CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior t
CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub repository ...)
{DLA-3182-1 DLA-3011-1}
- vim 2:8.2.4659-1
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161
NOTE: https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d (v8.2.4206)
CVE-2022-0350 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vd ...)
@@ -270185,7 +270158,6 @@ CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore
CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
{DLA-3182-1 DLA-3011-1}
- vim 2:8.2.4659-1
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82
NOTE: https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc (v8.2.4120)
CVE-2022-0260 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
@@ -274613,7 +274585,6 @@ CVE-2021-44465 (Improper access control in Odoo Community 13.0 and earlier and O
NOTE: https://github.com/odoo/odoo/issues/107692
CVE-2021-4187 (vim is vulnerable to Use After Free)
- vim 2:8.2.3995-1
- [bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <not-affected> (Vulnerable code introduced later)
[stretch] - vim <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e
@@ -275283,7 +275254,6 @@ CVE-2021-4174
RESERVED
CVE-2021-4173 (vim is vulnerable to Use After Free)
- vim 2:8.2.3995-1
- [bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <not-affected> (Vulnerable code introduced later)
[stretch] - vim <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766
@@ -280655,7 +280625,6 @@ CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input D
CVE-2021-4019 (vim is vulnerable to Heap-based Buffer Overflow)
{DLA-3182-1 DLA-2947-1}
- vim 2:8.2.3995-1
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92
NOTE: https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142 (v8.2.3669)
CVE-2021-44220
@@ -289929,7 +289898,6 @@ CVE-2021-42101 (An uncontrolled search path element vulnerabilities in Trend Mic
CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow)
{DLA-3182-1 DLA-2947-1}
- vim 2:8.2.3565-1
- [bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8
NOTE: https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b
CVE-2021-3871
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Mar 2025] DLA-4097-1 vim - security update
+ {CVE-2021-3872 CVE-2021-4019 CVE-2021-4173 CVE-2021-4187 CVE-2022-0261 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0417 CVE-2022-0572 CVE-2022-1616 CVE-2022-1785 CVE-2022-1897 CVE-2022-1942 CVE-2022-2000 CVE-2022-2129 CVE-2022-2304 CVE-2022-3099 CVE-2022-3134 CVE-2022-3324 CVE-2022-4141 CVE-2023-0054 CVE-2023-1175 CVE-2023-2610 CVE-2023-4738 CVE-2023-4752 CVE-2023-4781 CVE-2023-5344 CVE-2024-22667 CVE-2024-43802 CVE-2024-47814}
+ [bullseye] - vim 2:8.2.2434-3+deb11u2
[30 Mar 2025] DLA-4096-1 librabbitmq - security update
{CVE-2023-35789}
[bullseye] - librabbitmq 0.10.0-1+deb11u1
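Review bot: on the `[bullseye] - vim 2:8.2.2434-3+deb11u2` line, this version string is now what marks all 32 listed CVEs as fixed in bullseye, and the commit is titled as a reservation, so confirm it is exactly the version of the upload. The 32 ids inside the braces match the 32 `[bullseye]` lines removed from data/CVE/list, one per hunk, and they are in ascending order.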
=====================================
data/dla-needed.txt
=====================================
@@ -292,22 +292,6 @@ u-boot (dleidert)
NOTE: 20250219: New CVEs, plus it's time to fix all the no-dsa&postponed CVEs (Beuc/front-desk)
NOTE: 20250327: All patches prepped; currently testing (dleidert)
--
-vim (Sean Whitton)
- NOTE: 20250114: Added by Front-Desk (rouca)
- NOTE: 20250129: Fixes for first 29 outstanding CVEs backported in
- NOTE: 20250129: salsa:lts-team/packages/vim.git#debian/bullseye.
- NOTE: 20250129: However, the tests do not pass yet. (spwhitton)
- NOTE: 20250129: Re CVE-2024-22667: There are three sprintf calls sites which
- NOTE: 20250129: need changing to snprintf: two in did_set_string_option, and
- NOTE: 20250129: one in illegal_char. The fourth call site changed in
- NOTE: 20250129: upstream's patch was introduced later. (spwhitton)
- NOTE: 20250214: Still working on the backports. (spwhitton)
- NOTE: 20250214: Got report that bookworm-pu FTBFS on some architectures.
- NOTE: 20250214: Will prepare second bookworm-pu to fix this. (spwhitton)
- NOTE: 20250228: Still working on the backports. Had to focus on Emacs this
- NOTE: 20250228: week because there was a bad arbitrary code execution CVE to
- NOTE: 20250228: fix. (spwhitton)
---
webkit2gtk (Emilio)
NOTE: 20250321: Added by Front-Desk (pochu)
--
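Review bot: the removed vim notes end at 20250228 with "Still working on the backports", and the 20250129 notes say that fixes for the "first 29 outstanding CVEs" were backported and that "the tests do not pass yet", while DLA-4097-1 lists 32 CVEs. Nothing in this commit records that the test suite now passes or which three CVEs were added after that note. A line in the commit message body or in the DLA text would close that gap once this history is gone from dla-needed.txt. The `--` separator is removed together with the entry, so the file stays well-formed between u-boot and webkit2gtk.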
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0474203e0270b5bd353f4c18a4dbe4bbb5634f4