[Git][security-tracker-team/security-tracker][master] bullseye triage

Moritz Muehlenhoff (@jmm) Thu, 24 Nov 2022 01:52:41 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
778bff91 by Moritz Muehlenhoff at 2022-11-24T10:51:59+01:00
bullseye triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -16240,9 +16240,10 @@ CVE-2022-40755 (JasPer 3.0.6 allows denial of service 
via a reachable assertion
        NOTE: https://github.com/jasper-software/jasper/issues/338
 CVE-2022-3234 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0.0 ...)
        {DLA-3182-1}
-       - vim 2:9.0.0626-1
+       - vim 2:9.0.0626-1 (unimportant)
        NOTE: https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da/
        NOTE: 
https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d 
(v9.0.0483)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-40754 (In Apache Airflow 2.3.0 through 2.3.4, there was an open 
redirect in t ...)
        - airflow <itp> (bug #819700)
 CVE-2022-40753 (IBM InfoSphere Information Server 11.7 is vulnerable to 
cross-site scr ...)
@@ -20604,11 +20605,11 @@ CVE-2022-3038 (Use after free in Network Service in 
Google Chrome prior to 105.0
        - chromium 105.0.5195.52-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2022-3037 (Use After Free in GitHub repository vim/vim prior to 9.0.0322. 
...)
-       - vim 2:9.0.0626-1 (bug #1019590)
-       [bullseye] - vim <no-dsa> (Minor issue)
+       - vim 2:9.0.0626-1 (bug #1019590; unimportant)
        [buster] - vim <not-affected> (quickfixtextfunc added in 8.2.0869)
        NOTE: https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5
        NOTE: 
https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb 
(v9.0.0322)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-3036 (The Gettext override translations WordPress plugin before 2.0.0 
does n ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-3035 (Cross-site Scripting (XSS) - Stored in GitHub repository 
snipe/snipe-i ...)
@@ -21416,11 +21417,11 @@ CVE-2022-2984 (In jpg driver, there is a possible out 
of bounds write due to a m
 CVE-2022-2983
        RESERVED
 CVE-2022-2982 (Use After Free in GitHub repository vim/vim prior to 9.0.0260. 
...)
-       - vim 2:9.0.0626-1 (bug #1019590)
-       [bullseye] - vim <no-dsa> (Minor issue)
+       - vim 2:9.0.0626-1 (bug #1019590; unimportant)
        [buster] - vim <not-affected> (quickfixtextfunc added in 8.2.0869)
        NOTE: https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be
        NOTE: 
https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420 
(v9.0.0260)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-2981 (The Download Monitor WordPress plugin before 4.5.98 does not 
ensure th ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2980 (NULL Pointer Dereference in GitHub repository vim/vim prior to 
9.0.025 ...)
@@ -21696,10 +21697,10 @@ CVE-2022-38648 (Server-Side Request Forgery (SSRF) 
vulnerability in Batik of Apa
        NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903625
 CVE-2022-2946 (Use After Free in GitHub repository vim/vim prior to 9.0.0246. 
...)
        {DLA-3182-1}
-       - vim 2:9.0.0626-1 (bug #1019590)
-       [bullseye] - vim <no-dsa> (Minor issue)
+       - vim 2:9.0.0626-1 (bug #1019590; unimportant)
        NOTE: https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5
        NOTE: 
https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c 
(v9.0.0246)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-2945 (The WordPress Infinite Scroll &#8211; Ajax Load More plugin for 
WordPr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2944
@@ -31930,10 +31931,10 @@ CVE-2022-34894 (In JetBrains Hub before 2022.2.14799, 
insufficient access contro
        NOT-FOR-US: JetBrains Hub
 CVE-2022-2285 (Integer Overflow or Wraparound in GitHub repository vim/vim 
prior to 9 ...)
        {DLA-3182-1}
-       - vim 2:9.0.0135-1 (bug #1015984)
-       [bullseye] - vim <no-dsa> (Minor issue)
+       - vim 2:9.0.0135-1 (bug #1015984; unimportant)
        NOTE: https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736/
        NOTE: 
https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe 
(v9.0.0018)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2022-2284 (Heap-based Buffer Overflow in GitHub repository vim/vim prior 
to 9.0. ...)
        - vim 2:9.0.0135-1 (unimportant)
        NOTE: https://huntr.dev/bounties/571d25ce-8d53-4fa0-b620-27f2a8a14874/


=====================================
data/dsa-needed.txt
=====================================
@@ -68,3 +68,5 @@ sox
 --
 tiff
 --
+xfce4-settings (Corsac)
+--



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/778bff91172866ad880639e69977d7e1f83944f0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/778bff91172866ad880639e69977d7e1f83944f0
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bullseye triage

Reply via email to