Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7cc7c9f5 by Moritz Muehlenhoff at 2022-11-18T13:08:06+01:00
bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7611,6 +7611,7 @@ CVE-2022-43706
 CVE-2022-43705 [malicious OCSP responder could forge OCSP responses]
        RESERVED
        - botan 2.19.3+dfsg-1
+       [bullseye] - botan <no-dsa> (Minor issue)
        NOTE: 
https://github.com/randombit/botan/security/advisories/GHSA-4v9w-qvcq-6q7w
        NOTE: 
https://github.com/randombit/botan/commit/fd83d9e262f63fb673e4c13ca37e5b768e41e812
 (2.19.3)
        NOTE: 
https://github.com/randombit/botan/commit/4e35073ff356e37c3adcf1ff3522e9d0d48c765f
 (2.19.3)
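Review bot: the added "[bullseye] - botan <no-dsa> (Minor issue)" line gives no reason why an issue titled "malicious OCSP responder could forge OCSP responses" is minor for bullseye. Add a NOTE with the rationale (for example, which conditions are needed for a forged response to be accepted) so the triage decision can be re-checked later. The two upstream commits already listed are tagged (2.19.3) and could be named as backport candidates for a point release.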
@@ -61584,10 +61585,10 @@ CVE-2022-0444 (The Backup, Restore and Migrate 
WordPress Sites With the XCloner
        NOT-FOR-US: WordPress plugin
 CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
        {DLA-3182-1 DLA-3011-1}
-       - vim 2:8.2.4659-1
-       [bullseye] - vim <no-dsa> (Minor issue)
+       - vim 2:8.2.4659-1 (unimportant)
        NOTE: https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51
        NOTE: 
https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461 
(v8.2.4281)
+       NOTE: Crash in CLI tool, no security issue
 CVE-2022-0442 (The UsersWP WordPress plugin before 1.2.3.1 is missing access 
controls ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0441 (The MasterStudy LMS WordPress plugin before 2.7.6 does to 
validate som ...)
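Review bot: in the CVE-2022-0443 entry the new "NOTE: Crash in CLI tool, no security issue" sits under an unchanged "{DLA-3182-1 DLA-3011-1}" line, so the entry now says both that advisories were issued for it and that it is not a security issue. Extend the NOTE to say the reclassification is deliberate despite the existing DLAs, so readers do not take the mismatch for a data error.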
@@ -62126,10 +62127,10 @@ CVE-2022-0414 (Business Logic Errors in Packagist 
dolibarr/dolibarr prior to 16.
        - dolibarr <removed>
 CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2. ...)
        {DLA-3182-1 DLA-3011-1}
-       - vim 2:8.2.4659-1
-       [bullseye] - vim <no-dsa> (Minor issue)
+       - vim 2:8.2.4659-1 (unimportant)
        NOTE: https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38
        NOTE: 
https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a 
(v8.2.4253)
+       NOTE: Crash in CLI tool, no security issue
 CVE-2022-0412 (The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI 
WooComm ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0411 (The Asgaros Forum WordPress plugin before 2.0.0 does not 
sanitise and  ...)
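Review bot: the commit message says "bullseye triage", but for CVE-2022-0413 the hunk drops the "[bullseye] - vim <no-dsa> (Minor issue)" line and puts "(unimportant)" on the package line that carries no release tag, which is wider than a bullseye-only decision. Mention the vim severity change in the commit message, or split it into its own commit, so it can be found in the history.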
@@ -62163,17 +62164,17 @@ CVE-2022-0409 (Unrestricted Upload of File with 
Dangerous Type in Packagist show
        NOT-FOR-US: ShowDoc
 CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
        {DLA-3182-1 DLA-2947-1}
-       - vim 2:8.2.4659-1
-       [bullseye] - vim <no-dsa> (Minor issue)
+       - vim 2:8.2.4659-1 (unimportant)
        NOTE: https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d
        NOTE: 
https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31 
(v8.2.4247)
+       NOTE: Crash in CLI tool, no security issue
 CVE-2022-0407 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 8.2. ...)
-       - vim 2:8.2.4659-1
-       [bullseye] - vim <no-dsa> (Minor issue)
+       - vim 2:8.2.4659-1 (unimportant)
        [buster] - vim <not-affected> (The vulnerable code is not present)
        [stretch] - vim <not-affected> (The vulnerable code is not present)
        NOTE: https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c
        NOTE: 
https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e 
(v8.2.4219)
+       NOTE: Crash in CLI tool, no security issue
 CVE-2022-24112 (An attacker can abuse the batch-requests plugin to send 
requests to by ...)
        NOT-FOR-US: Apache APISIX
 CVE-2022-0406 (Improper Authorization in GitHub repository 
janeczku/calibre-web prior ...)
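Review bot: CVE-2022-0408 and CVE-2022-0407 are described as a stack-based and a heap-based buffer overflow, yet both get the same "NOTE: Crash in CLI tool, no security issue" that the use-after-free entries receive. State in the NOTE why these overflows are limited to a crash, or reference the analysis, since the CVE descriptions alone do not support that conclusion.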



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cc7c9f5537e1adfe0f913407ad2a39bc41b82bb
