Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3e24d0f6 by Markus Koschany at 2022-11-08T16:18:04+01:00
Triage CVE of vim/buster

Triage several CVE as not affected because the vulnerable code was introduced
later

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19890,6 +19890,7 @@ CVE-2022-2863 (The Migration, Backup, Staging WordPress 
plugin before 0.9.76 doe
        NOT-FOR-US: WordPress plugin
 CVE-2022-2862 (Use After Free in GitHub repository vim/vim prior to 9.0.0221. 
...)
        - vim 2:9.0.0229-1
+       [buster] - vim <not-affected> (The vulnerable code was introduced later)
        NOTE: https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765
        NOTE: 
https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494 
(v9.0.0221)
 CVE-2022-2861 (Inappropriate implementation in Extensions API in Google Chrome 
prior  ...)
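Review bot: the added [buster] line under CVE-2022-2862 asserts that the vulnerable code was introduced later, but the entry records only the fixing commit (v9.0.0221), not the commit or version that introduced the code. Consider adding a NOTE that names the introducing upstream commit, so the not-affected status for buster can be checked against the buster source without redoing the analysis.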
@@ -20176,6 +20177,7 @@ CVE-2022-2820 (Improper Access Control in GitHub 
repository namelessmc/nameless
        NOT-FOR-US: NamelessMC/Nameless
 CVE-2022-2819 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.0 ...)
        - vim 2:9.0.0229-1
+       [buster] - vim <not-affected> (The vulnerable code was introduced later)
        NOTE: https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59
        NOTE: 
https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889 
(v9.0.0211)
 CVE-2022-2818 (Authentication Bypass by Primary Weakness in GitHub repository 
cockpit ...)
@@ -20365,6 +20367,7 @@ CVE-2022-38218
        RESERVED
 CVE-2022-2817 (Use After Free in GitHub repository vim/vim prior to 9.0.0213. 
...)
        - vim 2:9.0.0229-1 (unimportant)
+       [buster] - vim <not-affected> (The vulnerable code was introduced later)
        NOTE: https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f
        NOTE: 
https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20 
(v9.0.0213)
        NOTE: Crash in CLI tool, no security impact
@@ -23609,6 +23612,7 @@ CVE-2022-2572 (In affected versions of Octopus Server 
where access is managed by
        NOT-FOR-US: Octopus Server
 CVE-2022-2571 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.0 ...)
        - vim 2:9.0.0135-1 (unimportant)
+       [buster] - vim <not-affected> (The vulnerable code was introduced later)
        NOTE: https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571/
        NOTE: 
https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614 
(v9.0.0102)
        NOTE: Crash in CLI tool, no security impact
@@ -60469,8 +60473,8 @@ CVE-2022-0408 (Stack-based Buffer Overflow in GitHub 
repository vim/vim prior to
 CVE-2022-0407 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
-       [buster] - vim <no-dsa> (Minor issue)
-       [stretch] - vim <not-affected> (vulnerable code is not present)
+       [buster] - vim <not-affected> (The vulnerable code is not present)
+       [stretch] - vim <not-affected> (The vulnerable code is not present)
        NOTE: https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c
        NOTE: 
https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e 
(v8.2.4219)
 CVE-2022-24112 (An attacker can abuse the batch-requests plugin to send 
requests to by ...)
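Review bot: under CVE-2022-0407 the [buster] status moves from <no-dsa> (Minor issue) to <not-affected> with the reason "The vulnerable code is not present", while the commit message says the CVEs are not affected because the vulnerable code was introduced later, and [bullseye] stays at <no-dsa>. Since this reverses an earlier triage decision for buster, state which of the two reasons applies and add a NOTE pointing at the evidence for it.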
@@ -60628,8 +60632,8 @@ CVE-2022-0394 (Cross-site Scripting (XSS) - Stored in 
Packagist remdex/livehelpe
 CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. 
...)
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
-       [buster] - vim <no-dsa> (Minor issue)
-       [stretch] - vim <not-affected> (vulnerable code is not present)
+       [buster] - vim <not-affected> (The vulnerable code is not present)
+       [stretch] - vim <not-affected> (The vulnerable code is not present)
        NOTE: https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba
        NOTE: 
https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 
(v8.2.4233)
 CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with 
kernel  ...)
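Review bot: the [stretch] line under CVE-2022-0393 changes only in wording (the reason gains a leading "The", the status stays <not-affected>) in the same hunk as the real [buster] status change. Consider moving the wording cleanup to a separate commit so the history of data/CVE/list shows the buster re-triage on its own.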
@@ -65442,8 +65446,8 @@ CVE-2022-0159 (orchardcore is vulnerable to Improper 
Neutralization of Input Dur
 CVE-2022-0158 (vim is vulnerable to Heap-based Buffer Overflow ...)
        - vim 2:8.2.4659-1
        [bullseye] - vim <no-dsa> (Minor issue)
-       [buster] - vim <no-dsa> (Minor issue)
-       [stretch] - vim <not-affected> (vulnerable code was introduced later)
+       [buster] - vim <not-affected> (The vulnerable code was introduced later)
+       [stretch] - vim <not-affected> (The vulnerable code was introduced 
later)
        NOTE: https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b/
        NOTE: 
https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39 
(v8.2.4049)
 CVE-2022-0157 (phoronix-test-suite is vulnerable to Improper Neutralization of 
Input  ...)
@@ -74891,8 +74895,8 @@ CVE-2021-3969 (A Time of Check Time of Use (TOCTOU) 
vulnerability was reported i
 CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow ...)
        - vim 2:8.2.3995-1 (bug #1001900)
        [bullseye] - vim <no-dsa> (Minor issue)
-       [buster] - vim <no-dsa> (Minor issue)
-       [stretch] - vim <not-affected> (Vulnerable code not present)
+       [buster] - vim <not-affected> (The vulnerable code is not present)
+       [stretch] - vim <not-affected> (The vulnerable code is not present)
        NOTE: https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528/
        NOTE: 
https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69 
(v8.2.3610)
 CVE-2022-21741 (Tensorflow is an Open Source Machine Learning Framework. ### 
Impact An ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e24d0f64c1f632f06dc68f5a4c3725b012d27f3
