Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cb490882 by Markus Koschany at 2022-03-10T22:53:59+01:00
CVE-2022-0158,CVE-2022-0392,vim: Stretch is not affected

The vulnerable code was introduced later

- - - - -
c5a79a86 by Markus Koschany at 2022-03-10T22:56:12+01:00
Mark five vim CVE as postponed in Stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4997,6 +4997,7 @@ CVE-2022-0572 (Heap-based Buffer Overflow in GitHub 
repository vim/vim prior to
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
+       [stretch] - vim <postponed> (Fix introduces a test regression)
        NOTE: https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf
        NOTE: 
https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f 
(v8.2.4359)
 CVE-2022-0571 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
phoronix-t ...)
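
Review bot: the added "[stretch] - vim <postponed> (Fix introduces a test regression)" line does not say which test regresses or where the failure was observed, and the same wording is reused for all five postponed entries in this push even though each one points at a different upstream fix commit. Suggest adding a NOTE under the entry that names the failing test, so whoever revisits the postponed issue can tell whether the regression still applies to that particular fix.
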
@@ -7441,6 +7442,7 @@ CVE-2022-0413 (Use After Free in GitHub repository 
vim/vim prior to 8.2. ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
+       [stretch] - vim <postponed> (Fix introduces a test regression)
        NOTE: https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38
        NOTE: 
https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a 
(v8.2.4253)
 CVE-2022-0412 (The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI 
WooComm ...)
@@ -7724,6 +7726,7 @@ CVE-2022-0392 (Heap-based Buffer Overflow in GitHub 
repository vim prior to 8.2.
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
+       [stretch] - vim <not-affected> (vulnerable code was introduced later)
        NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126
        NOTE: 
https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a 
(v8.2.4218)
 CVE-2022-0391 (A flaw was found in Python, specifically within the 
urllib.parse modul ...)
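
Review bot: the not-affected reason on the added [stretch] line, "(vulnerable code was introduced later)", carries no pointer to the commit or version that introduced the code, so the claim cannot be checked from the entry itself; the only NOTE lines here are the huntr.dev report and the fix commit (v8.2.4218). Suggest a NOTE naming the introducing upstream commit or version, so the triage can be verified against the vim version shipped in stretch.
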
@@ -8438,6 +8441,7 @@ CVE-2022-0351 (Access of Memory Location Before Start of 
Buffer in GitHub reposi
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
+       [stretch] - vim <postponed> (Fix introduces a test regression)
        NOTE: https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161
        NOTE: 
https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d 
(v8.2.4206)
 CVE-2022-0350
@@ -9103,6 +9107,7 @@ CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim 
prior to 8.2. ...)
        - vim <unfixed> (bug #1004859)
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
+       [stretch] - vim <postponed> (Fix introduces a test regression)
        NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08
        NOTE: 
https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc 
(v8.2.4151)
 CVE-2022-0317 (An improper input validation vulnerability in go-attestation 
before 0. ...)
@@ -10586,6 +10591,7 @@ CVE-2022-0261 (Heap-based Buffer Overflow in GitHub 
repository vim/vim prior to
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
+       [stretch] - vim <postponed> (Fix introduces a test regression)
        NOTE: https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82
        NOTE: 
https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc 
(v8.2.4120)
 CVE-2022-0260 (Cross-site Scripting (XSS) - Stored in GitHub repository 
pimcore/pimco ...)
@@ -12251,6 +12257,7 @@ CVE-2022-0158 (vim is vulnerable to Heap-based Buffer 
Overflow ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
+       [stretch] - vim <not-affected> (vulnerable code was introduced later)
        NOTE: https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b/
        NOTE: 
https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39 
(v8.2.4049)
 CVE-2022-0157 (phoronix-test-suite is vulnerable to Improper Neutralization of 
Input  ...)
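
Review bot: style point on the added [stretch] line: the reason "(vulnerable code was introduced later)" starts lowercase, while "(Minor issue)" on the two lines above it and "(Fix introduces a test regression)" elsewhere in this push are capitalised. Suggest "(Vulnerable code was introduced later)" for consistency within the entry; the same applies to the CVE-2022-0392 entry.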



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5953d8db8318114dd93d52fc59670b7145512e78...c5a79a86622ede55dd7f3a765878142a75d8474d
