Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4911d3cd by Moritz Muehlenhoff at 2023-09-11T22:39:34+02:00
vim fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -534,7 +534,7 @@ CVE-2023-29166 (A logic issue was addressed with improved
state management. This
CVE-2023-36851
NOT-FOR-US: Juniper
CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 9.0.1 ...)
- - vim <unfixed>
+ - vim 2:9.0.1894-1
[bookworm] - vim <no-dsa> (Minor issue)
[bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883/
@@ -700,20 +700,20 @@ CVE-2023-4754 (Out-of-bounds Write in GitHub repository
gpac/gpac prior to 2.3-D
NOTE:
https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0
NOTE: https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c
CVE-2023-4752 (Use After Free in GitHub repository vim/vim prior to 9.0.1858.)
- - vim <unfixed>
+ - vim 2:9.0.1894-1
[bookworm] - vim <no-dsa> (Minor issue)
[bullseye] - vim <no-dsa> (Minor issue)
NOTE: https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757/
NOTE:
https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139
(v9.0.1858)
CVE-2023-4750 (Use After Free in GitHub repository vim/vim prior to 9.0.1857.)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.1894-1 (unimportant)
NOTE: https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea/
NOTE:
https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed
(v9.0.1857)
NOTE: Crash in CLI tool, no security impact
CVE-2023-4748 (A vulnerability, which was classified as critical, has been
found in Y ...)
NOT-FOR-US: Yongyou UFIDA-NC
CVE-2023-4733 (Use After Free in GitHub repository vim/vim prior to 9.0.1840.)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.1894-1 (unimportant)
NOTE: https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/
NOTE:
https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c
(v9.0.1840)
NOTE: Crash in CLI tool, no security impact
@@ -1006,7 +1006,7 @@ CVE-2023-32806 (In wlan driver, there is a possible out
of bounds write due to i
CVE-2023-32805 (In power, there is a possible out of bounds write due to an
insecure d ...)
NOT-FOR-US: MediaTek
CVE-2023-4751 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 9.0.1 ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.1894-1 (unimportant)
NOTE:
https://github.com/vim/vim/commit/e1121b139480f53d1b06f84f3e4574048108fa0b
(v9.0.1331)
NOTE: https://huntr.dev/bounties/db7be8d6-6cb7-4ae5-9c4e-805423afa378
NOTE: Crash in CLI tool, no security impact
@@ -1051,7 +1051,7 @@ CVE-2023-37220 (Synel Terminals - CWE-494: Download of
Code Without Integrity Ch
CVE-2023-41180 (Incorrect certificate validation in InvokeHTTP on Apache NiFi
MiNiFi C ...)
NOT-FOR-US: Apache NiFi
CVE-2023-4738 (Heap-based Buffer Overflow in GitHub repository vim/vim prior
to 9.0.1 ...)
- - vim <unfixed>
+ - vim 2:9.0.1894-1
[bookworm] - vim <no-dsa> (Minor issue)
[bullseye] - vim <no-dsa> (Minor issue)
[buster] - vim <no-dsa> (Minor issue)
@@ -1062,12 +1062,12 @@ CVE-2023-4736 (Untrusted Search Path in GitHub
repository vim/vim prior to 9.0.1
NOTE: https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71/
NOTE:
https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c
(v9.0.1833)
CVE-2023-4735 (Out-of-bounds Write in GitHub repository vim/vim prior to
9.0.1847.)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.1894-1 (unimportant)
NOTE: https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51/
NOTE:
https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57
(v9.0.1847)
NOTE: Crash in CLI tool, no security impact
CVE-2023-4734 (Integer Overflow or Wraparound in GitHub repository vim/vim
prior to 9 ...)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.1894-1 (unimportant)
NOTE: https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217/
NOTE:
https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5
(v9.0.1846)
NOTE: Crash in CLI tool, no security impact
@@ -4795,7 +4795,7 @@ CVE-2023-4155
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/7588dbcebcbf0193ab5b76987396d0254270b04a
CVE-2023-3896 (Divide By Zero in vim/vim from9.0.1367-1 to9.0.1367-3)
- - vim <unfixed> (unimportant)
+ - vim 2:9.0.1894-1 (unimportant)
[buster] - vim <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/vim/vim/issues/12528
NOTE: https://github.com/vim/vim/pull/12540
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4911d3cd0241261fae2b047d21732cfa428503e0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4911d3cd0241261fae2b047d21732cfa428503e0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
