Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
840db55a by Markus Koschany at 2022-03-11T19:44:37+01:00
CVE-2022-0393, CVE-2022-0407, vim: Stretch is not affected

Tests succeed / vulnerable code is not present

- - - - -
a96656c0 by Markus Koschany at 2022-03-11T19:47:47+01:00
Mark six vim CVEs in Stretch as no-dsa or postponed

- - - - -
4651d02c by Markus Koschany at 2022-03-11T19:50:25+01:00
Remove vim no-dsa tags for upcoming security update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3789,6 +3789,7 @@ CVE-2022-0696 (NULL Pointer Dereference in GitHub 
repository vim/vim prior to 8.
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
+       [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f/
        NOTE: 
https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1 
(v8.2.4428)
 CVE-2022-0695 (Denial of Service in GitHub repository radareorg/radare2 prior 
to 5.6. ...)
@@ -4279,6 +4280,7 @@ CVE-2022-0629 (Stack-based Buffer Overflow in GitHub 
repository vim/vim prior to
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
+       [stretch] - vim <postponed> (Minor issue)
        NOTE: https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877/
        NOTE: 
https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc 
(v8.2.4397)
 CVE-2022-0628
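Review bot: The added [stretch] line for CVE-2022-0629 uses <postponed> where bullseye and buster use <no-dsa>, yet carries the same "(Minor issue)" text, so the entry does not record why stretch is triaged differently or what the fix is waiting on. Suggest a reason that states the intent, for example "(Minor issue; fix along with the next vim update)", so the postponement can be revisited later. The CVE-2022-0443 entry follows the same pattern.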
@@ -7020,6 +7022,7 @@ CVE-2022-0443 (Use After Free in GitHub repository 
vim/vim prior to 8.2. ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
+       [stretch] - vim <postponed> (Minor issue)
        NOTE: https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51
        NOTE: 
https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461 
(v8.2.4281)
 CVE-2022-0442 (The UsersWP WordPress plugin before 1.2.3.1 is missing access 
controls ...)
@@ -7463,6 +7466,7 @@ CVE-2022-0417 (Heap-based Buffer Overflow GitHub 
repository vim/vim prior to 8.2
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
+       [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a/
        NOTE: 
https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a 
(v8.2.4245)
 CVE-2022-0416
@@ -7566,6 +7570,7 @@ CVE-2022-0407 (Heap-based Buffer Overflow in GitHub 
repository vim/vim prior to
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
+       [stretch] - vim <not-affected> (vulnerable code is not present)
        NOTE: https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c
        NOTE: 
https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e 
(v8.2.4219)
 CVE-2022-24112 (An attacker can abuse the batch-requests plugin to send 
requests to by ...)
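Review bot: "<not-affected> (vulnerable code is not present)" on the added [stretch] line for CVE-2022-0407 states the conclusion without the evidence: the entry names only the fixing commit (v8.2.4219), not the change that introduced the flawed code. Suggest adding a NOTE with the introducing commit or version so the status can be re-checked without repeating the analysis. The CVE-2022-0393 entry is marked the same way and would benefit from the same NOTE.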
@@ -7715,6 +7720,7 @@ CVE-2022-0393 (Out-of-bounds Read in GitHub repository 
vim/vim prior to 8.2. ...
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
+       [stretch] - vim <not-affected> (vulnerable code is not present)
        NOTE: https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba
        NOTE: 
https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 
(v8.2.4233)
 CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with 
kernel  ...)
@@ -12399,6 +12405,7 @@ CVE-2022-0156 (vim is vulnerable to Use After Free ...)
        - vim <unfixed>
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
+       [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36
        NOTE: 
https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f 
(v8.2.4040)
 CVE-2022-22827 (storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 
has an in ...)
@@ -15969,6 +15976,7 @@ CVE-2021-4166 (vim is vulnerable to Out-of-bounds Read 
...)
        - vim 2:8.2.3995-1
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
+       [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035
        NOTE: 
https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682 
(v8.2.3884)
 CVE-2021-4165
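Review bot: The [stretch] <no-dsa> line added for CVE-2021-4166 lands in the same push that drops <no-dsa> from CVE-2021-3974, CVE-2021-3973, CVE-2021-3928, CVE-2021-3927 and CVE-2021-3872 "for upcoming security update", and nothing in the entry says why this out-of-bounds read stays out of that update. If it is only deferred, <postponed> as used for CVE-2022-0629 and CVE-2022-0443 would say so; otherwise a more specific reason than "(Minor issue)" would make the decision reviewable.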
@@ -21411,14 +21419,12 @@ CVE-2021-3974 (vim is vulnerable to Use After Free 
...)
        - vim 2:8.2.3995-1 (bug #1001897)
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
-       [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4
        NOTE: 
https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6 
(v8.2.3612)
 CVE-2021-3973 (vim is vulnerable to Heap-based Buffer Overflow ...)
        - vim 2:8.2.3995-1 (bug #1001899)
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
-       [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e
        NOTE: 
https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847 
(v8.2.3611)
 CVE-2021-3972
@@ -24200,14 +24206,12 @@ CVE-2021-3928 (vim is vulnerable to Use of 
Uninitialized Variable ...)
        - vim 2:8.2.3995-1
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
-       [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 
(v8.2.3582)
 CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow ...)
        - vim 2:8.2.3995-1
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
-       [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e 
(v8.2.3581)
 CVE-2021-43357
@@ -29433,7 +29437,6 @@ CVE-2021-3872 (vim is vulnerable to Heap-based Buffer 
Overflow ...)
        - vim 2:8.2.3565-1
        [bullseye] - vim <no-dsa> (Minor issue)
        [buster] - vim <no-dsa> (Minor issue)
-       [stretch] - vim <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8
        NOTE: 
https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b
 CVE-2021-3871
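Review bot: The commit NOTE in the CVE-2021-3872 entry is the only vim one in this diff without a "(v8.2.NNNN)" patch-level tag after the URL. Since the entry is being edited for the upcoming update anyway, add the tag so the fixing patch level can be compared with the stretch version at a glance.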



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2e13ea762fad6ddbfbb5d783dd7fb9b392e51454...4651d02c2be1af982f7b16b3a29df7b5776026e1
