[Git][security-tracker-team/security-tracker][master] Add three new vim issues

Tue, 28 Jun 2022 02:55:12 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c5186dd3 by Salvatore Bonaccorso at 2022-06-28T11:54:38+02:00
Add three new vim issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -586,13 +586,20 @@ CVE-2022-2211 [Buffer overflow in get_keys leads to Dos]
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100862
        TODO: check, upstream references, mentioned code is actually in 
src:guestfs-tools
 CVE-2022-2210 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 
...)
-       TODO: check
+       - vim <unfixed>
+       NOTE: https://huntr.dev/bounties/020845f8-f047-4072-af0f-3726fe1aea25
+       NOTE: 
https://github.com/vim/vim/commit/c101abff4c6756db4f5e740fde289decb9452efa 
(v8.2.5164)
 CVE-2022-2209
        RESERVED
 CVE-2022-2208 (NULL Pointer Dereference in GitHub repository vim/vim prior to 
8.2. ...)
-       TODO: check
+       - vim <unfixed> (unimportant)
+       NOTE: https://huntr.dev/bounties/7bfe3d5b-568f-4c34-908f-a39909638cc1
+       NOTE: 
https://github.com/vim/vim/commit/cd38bb4d83c942c4bad596835c6766cbf32e5195 
(v8.2.5163)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-2207 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
-       TODO: check
+       - vim <unfixed>
+       NOTE: https://huntr.dev/bounties/05bc6051-4dc3-483b-ae56-cf23346b97b9
+       NOTE: 
https://github.com/vim/vim/commit/0971c7a4e537ea120a6bb2195960be8d0815e97b 
(v8.2.5162)
 CVE-2022-34493
        RESERVED
 CVE-2022-34492



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5186dd327468fad357c949db23f7d552adda303

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5186dd327468fad357c949db23f7d552adda303
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to