Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: ec83c214 by security tracker role at 2025-03-30T08:11:55+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -4657,28 +4657,28 @@ CVE-2024-11283 (The WP JobHunt plugin for WordPress is vulnerable to authenticat CVE-2024-11235 - php8.4 8.4.5-1 NOTE: https://github.com/php/php-src/security/advisories/GHSA-rwp7-7vc6-8477 -CVE-2025-1861 +CVE-2025-1861 (In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...) {DSA-5878-1 DLA-4088-1} - php8.4 8.4.5-1 - php8.2 <unfixed> - php7.4 <removed> NOTE: https://github.com/php/php-src/security/advisories/GHSA-52jp-hrpf-2jff NOTE: Fixed by: https://github.com/php/php-src/commit/ac1a054bb3eb5994a199e8b18cca28cbabf5943e (php-8.1.32) -CVE-2025-1736 +CVE-2025-1736 (In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...) {DSA-5878-1 DLA-4088-1} - php8.4 8.4.5-1 - php8.2 <unfixed> - php7.4 <removed> NOTE: https://github.com/php/php-src/security/advisories/GHSA-hgf5-96fm-v528 NOTE: Fixed by: https://github.com/php/php-src/commit/41d49abbd99dab06cdae4834db664435f8177174 (php-8.1.32) -CVE-2025-1734 +CVE-2025-1734 (In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...) {DSA-5878-1 DLA-4088-1} - php8.4 8.4.5-1 - php8.2 <unfixed> - php7.4 <removed> NOTE: https://github.com/php/php-src/security/advisories/GHSA-pcmh-g36c-qc44 NOTE: Fixed by: https://github.com/php/php-src/commit/0548c4c1756724a89ef8310709419b08aadb2b3b (php-8.1.32) -CVE-2025-1219 +CVE-2025-1219 (In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* ...) {DSA-5878-1 DLA-4088-1} - php8.4 8.4.5-1 - php8.2 <unfixed> 
@@ -53650,6 +53650,7 @@ CVE-2024-47818 (Saltcorn is an extensible, open source, no-code database applica CVE-2024-47817 (Lara-zeus Dynamic Dashboard simple way to manage widgets for your webs ...) NOT-FOR-US: Lara-zeus Dynamic Dashboard CVE-2024-47814 (Vim is an open source, command line text editor. A use-after-free was ...) + {DLA-4097-1} - vim 2:9.1.0777-1 (bug #1084806) [bookworm] - vim 2:9.0.1378-2+deb12u1 NOTE: https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg @@ -62268,6 +62269,7 @@ CVE-2024-43806 (Rustix is a set of safe Rust bindings to POSIX-ish APIs. When us [bookworm] - rust-rustix <no-dsa> (Minor issue) NOTE: https://github.com/bytecodealliance/rustix/security/advisories/GHSA-c827-hfw6-qwvm CVE-2024-43802 (Vim is an improved version of the unix vi text editor. When flushing t ...) + {DLA-4097-1} - vim 2:9.1.0698-1 [bookworm] - vim 2:9.0.1378-2+deb12u1 NOTE: https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh @@ -122740,6 +122742,7 @@ CVE-2024-23196 (A race condition was found in the Linux kernel's sound/hda devi NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=8148 NOTE: https://git.kernel.org/linus/1f4a08fed450db87fbb5ff5105354158bdbe1a22 (6.5-rc1) CVE-2024-22667 (Vim before 9.0.2142 has a stack-based buffer overflow because did_set_ ...) + {DLA-4097-1} - vim 2:9.0.2189-1 [bookworm] - vim 2:9.0.1378-2+deb12u1 [buster] - vim <no-dsa> (Minor issue) @@ -145690,6 +145693,7 @@ CVE-2023-5345 (A use-after-free vulnerability in the Linux kernel's fs/smb/clien NOTE: https://git.kernel.org/linus/e6e43b8aa7cd3c3af686caf0c2e11819a886d705 NOTE: https://kernel.dance/#e6e43b8aa7cd3c3af686caf0c2e11819a886d705 CVE-2023-5344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) + {DLA-4097-1} - vim 2:9.0.2018-1 (bug #1053694) [bookworm] - vim 2:9.0.1378-2+deb12u1 [buster] - vim <postponed> (Minor issue, 1-byte overflow) 
@@ -149532,7 +149536,7 @@ CVE-2023-29166 (A logic issue was addressed with improved state management. This CVE-2023-36851 (A Missing Authentication for Critical Function vulnerability in Junipe ...) NOT-FOR-US: Juniper CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) - {DLA-3588-1} + {DLA-4097-1 DLA-3588-1} - vim 2:9.0.1894-1 [bookworm] - vim 2:9.0.1378-2+deb12u1 NOTE: https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883/ @@ -149777,7 +149781,7 @@ CVE-2023-4754 (Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-D NOTE: https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0 NOTE: https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c CVE-2023-4752 (Use After Free in GitHub repository vim/vim prior to 9.0.1858.) - {DLA-3588-1} + {DLA-4097-1 DLA-3588-1} - vim 2:9.0.1894-1 [bookworm] - vim 2:9.0.1378-2+deb12u1 NOTE: https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757/ @@ -150136,6 +150140,7 @@ CVE-2023-37220 (Synel Terminals - CWE-494: Download of Code Without Integrity Ch CVE-2023-41180 (Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C ...) NOT-FOR-US: Apache NiFi CVE-2023-4738 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) + {DLA-4097-1} - vim 2:9.0.1894-1 [bookworm] - vim 2:9.0.1378-2+deb12u1 [buster] - vim <no-dsa> (Minor issue; intrusive and hard to backport and will need a rewrite) @@ -160374,6 +160379,7 @@ CVE-2023-35790 (An issue was discovered in dec_patch_dictionary.cc in libjxl bef NOTE: https://github.com/libjxl/libjxl/pull/2551 NOTE: https://github.com/libjxl/libjxl/commit/d4e67a644d8babe7cb68de122d8b5ccb2ad8f226 CVE-2023-35789 (An issue was discovered in the C AMQP client library (aka rabbitmq-c) ...) + {DLA-4096-1} - librabbitmq 0.14.0-1 (bug #1037322) [bookworm] - librabbitmq 0.11.0-1+deb12u1 [buster] - librabbitmq <no-dsa> (Minor issue) 
@@ -164316,7 +164322,7 @@ CVE-2023-2615 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimco CVE-2023-2614 (Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore ...) NOT-FOR-US: pimcore CVE-2023-2610 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...) - {DLA-3453-1} + {DLA-4097-1 DLA-3453-1} - vim 2:9.0.1658-1 (bug #1035955) [bookworm] - vim 2:9.0.1378-2+deb12u1 NOTE: https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d @@ -176694,7 +176700,7 @@ CVE-2023-1177 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow CVE-2023-1176 (Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2. ...) NOT-FOR-US: mlflow CVE-2023-1175 (Incorrect Calculation of Buffer Size in GitHub repository vim/vim prio ...) - {DLA-3453-1} + {DLA-4097-1 DLA-3453-1} - vim 2:9.0.1378-1 NOTE: https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e NOTE: https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba (v9.0.1378) @@ -192059,7 +192065,7 @@ CVE-2023-22604 CVE-2023-22603 REJECTED CVE-2023-0054 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.) - {DLA-3453-1} + {DLA-4097-1 DLA-3453-1} - vim 2:9.0.1378-1 (bug #1031875) NOTE: https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d NOTE: https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30088256360435f7731 (v9.0.1145) @@ -201597,7 +201603,7 @@ CVE-2022-4143 (An issue has been discovered in GitLab affecting all versions sta CVE-2022-4142 (The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does ...) NOT-FOR-US: WordPress plugin CVE-2022-4141 (Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing a ...) - {DLA-3453-1} + {DLA-4097-1 DLA-3453-1} - vim 2:9.0.1000-1 (bug #1027146) NOTE: https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f NOTE: https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 (v9.0.0947) 
@@ -216935,7 +216941,7 @@ CVE-2022-3326 (Weak Password Requirements in GitHub repository ikus060/rdiffweb CVE-2022-3325 (Improper access control in the GitLab CE/EE API affecting all versions ...) - gitlab 15.10.8+ds1-2 CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...) - {DLA-3182-1} + {DLA-4097-1 DLA-3182-1} - vim 2:9.0.0626-1 NOTE: https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c/ NOTE: https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb (v9.0.0598) @@ -220970,7 +220976,7 @@ CVE-2022-39960 (The Netic Group Export add-on before 1.0.3 for Atlassian Jira do CVE-2022-3135 (The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise a ...) NOT-FOR-US: WordPress plugin CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389.) - {DLA-3182-1} + {DLA-4097-1 DLA-3182-1} - vim 2:9.0.0626-1 (bug #1019590) NOTE: https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc NOTE: https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e (v9.0.0389) @@ -222870,7 +222876,7 @@ CVE-2022-39199 (immudb is a database with built-in cryptographic proof and verif CVE-2022-39198 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 a ...) NOT-FOR-US: Apache Dubbo CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360.) - {DLA-3182-1} + {DLA-4097-1 DLA-3182-1} - vim 2:9.0.0626-1 (bug #1019590) NOTE: https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e NOTE: https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c (v9.0.0360) 
@@ -234870,7 +234876,7 @@ CVE-2022-2306 (Old session tokens can be used to authenticate to the application CVE-2022-2305 (The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2022-2304 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.) - {DLA-3182-1} + {DLA-4097-1 DLA-3182-1} - vim 2:9.0.0135-1 (bug #1015984) NOTE: https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a/ NOTE: https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939 (v9.0.0035) @@ -237743,7 +237749,7 @@ CVE-2022-33980 (Apache Commons Configuration performs variable interpolation, al [buster] - commons-configuration2 <not-affected> (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/5 CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.) - {DLA-3204-1} + {DLA-4097-1 DLA-3204-1} - vim 2:9.0.0135-1 (bug #1015984) [stretch] - vim <postponed> (Minor issue) NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352 @@ -241546,7 +241552,7 @@ CVE-2022-30532 (In affected versions of Octopus Deploy, there is no logging of c CVE-2022-29890 (In affected versions of Octopus Server the help sidebar can be customi ...) NOT-FOR-US: Octopus Server CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.) - {DLA-3204-1} + {DLA-4097-1 DLA-3204-1} - vim 2:9.0.0135-1 (bug #1015984) [stretch] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0 
@@ -243415,7 +243421,7 @@ CVE-2022-1943 (A flaw out of bounds memory write in the Linux kernel UDF file sy NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2086412 NOTE: Fixed by: https://git.kernel.org/linus/c1ad35dd0548ce947d97aaf92f7f2f9a202951cf (5.18-rc7) CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.) - {DLA-3204-1} + {DLA-4097-1 DLA-3204-1} - vim 2:9.0.0135-1 (bug #1015984) [stretch] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071 @@ -243818,7 +243824,7 @@ CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2.) NOTE: https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a (v8.2.5024) NOTE: Crash in CLI tool, no security impact CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.) - {DLA-3204-1} + {DLA-4097-1 DLA-3204-1} - vim 2:9.0.0135-1 (bug #1015984) [stretch] - vim <postponed> (Minor issue) NOTE: https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118 @@ -246003,7 +246009,7 @@ CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel\u2019s io_uri NOTE: https://www.openwall.com/lists/oss-security/2022/05/28/1 NOTE: https://blog.kylebot.net/2022/10/16/CVE-2022-1786/ CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.) - {DLA-3204-1} + {DLA-4097-1 DLA-3204-1} - vim 2:9.0.0135-1 (bug #1015984) [stretch] - vim <no-dsa> (Minor issue) NOTE: https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109 
@@ -248084,7 +248090,7 @@ CVE-2022-30321 (go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access v NOTE: https://github.com/hashicorp/go-getter/pull/359 NOTE: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 (v1.6.0) CVE-2022-1616 (Use after free in append_command in GitHub repository vim/vim prior to ...) - {DLA-3182-1 DLA-3011-1} + {DLA-4097-1 DLA-3182-1 DLA-3011-1} - vim 2:9.0.0135-1 (bug #1015984) NOTE: https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2 NOTE: https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c (v8.2.4895) @@ -263924,7 +263930,7 @@ CVE-2022-0574 (Improper Access Control in GitHub repository publify/publify prio CVE-2022-0573 (JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure ...) NOT-FOR-US: JFrog Artifactory CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.) - {DLA-3182-1 DLA-3011-1} + {DLA-4097-1 DLA-3182-1 DLA-3011-1} - vim 2:8.2.4659-1 NOTE: https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf NOTE: https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f (v8.2.4359) @@ -266727,7 +266733,7 @@ CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 p CVE-2022-0418 (The Event List WordPress plugin before 0.8.8 does not sanitise and esc ...) NOT-FOR-US: WordPress plugin CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.) - {DLA-3182-1 DLA-3053-1} + {DLA-4097-1 DLA-3182-1 DLA-3053-1} - vim 2:8.2.4659-1 NOTE: https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a/ NOTE: https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a (v8.2.4245) 
@@ -267105,7 +267111,7 @@ CVE-2022-21798 (The affected product is vulnerable due to cleartext transmission CVE-2022-21154 (An integer overflow vulnerability exists in the fltSaveCMP functionali ...) NOT-FOR-US: LeadTools CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.) - {DLA-3204-1} + {DLA-4097-1 DLA-3204-1} - vim 2:8.2.4659-1 [stretch] - vim <not-affected> (vulnerable code was introduced later) NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126 @@ -267634,14 +267640,14 @@ CVE-2022-0363 (The myCred WordPress plugin before 2.4.3.1 does not have any auth CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.) NOT-FOR-US: ShowDoc CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.) - {DLA-3182-1 DLA-2947-1} + {DLA-4097-1 DLA-3182-1 DLA-2947-1} - vim 2:8.2.4659-1 NOTE: https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b NOTE: https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 (v8.2.4215) CVE-2022-0360 (The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress ...) NOT-FOR-US: WordPress plugin CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.) - {DLA-3182-1 DLA-2947-1} + {DLA-4097-1 DLA-3182-1 DLA-2947-1} - vim 2:8.2.4659-1 NOTE: https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def NOTE: https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 (v8.2.4214) 
@@ -267841,7 +267847,7 @@ CVE-2022-23865 (Nyron 1.0 is affected by a SQL injection vulnerability through N CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6 ...) - calibre-web <itp> (bug #982690) CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub repository ...) - {DLA-3182-1 DLA-3011-1} + {DLA-4097-1 DLA-3182-1 DLA-3011-1} - vim 2:8.2.4659-1 NOTE: https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161 NOTE: https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d (v8.2.4206) @@ -270156,7 +270162,7 @@ CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimc CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) NOT-FOR-US: pimcore CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.) - {DLA-3182-1 DLA-3011-1} + {DLA-4097-1 DLA-3182-1 DLA-3011-1} - vim 2:8.2.4659-1 NOTE: https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82 NOTE: https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc (v8.2.4120) @@ -274584,6 +274590,7 @@ CVE-2021-44465 (Improper access control in Odoo Community 13.0 and earlier and O - odoo <not-affected> (Fixed in initial upload to Debian) NOTE: https://github.com/odoo/odoo/issues/107692 CVE-2021-4187 (vim is vulnerable to Use After Free) + {DLA-4097-1} - vim 2:8.2.3995-1 [buster] - vim <not-affected> (Vulnerable code introduced later) [stretch] - vim <not-affected> (Vulnerable code introduced later) @@ -275253,6 +275260,7 @@ CVE-2018-25023 (An issue was discovered in the smallvec crate before 0.6.13 for CVE-2021-4174 RESERVED CVE-2021-4173 (vim is vulnerable to Use After Free) + {DLA-4097-1} - vim 2:8.2.3995-1 [buster] - vim <not-affected> (Vulnerable code introduced later) [stretch] - vim <not-affected> (Vulnerable code introduced later) 
@@ -280623,7 +280631,7 @@ CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input D NOTE: https://github.com/meetecho/janus-gateway/commit/ba166e9adebfe5343f826c6a9e02299d35414ffd NOTE: Issues only in janus-demos built from src:janus CVE-2021-4019 (vim is vulnerable to Heap-based Buffer Overflow) - {DLA-3182-1 DLA-2947-1} + {DLA-4097-1 DLA-3182-1 DLA-2947-1} - vim 2:8.2.3995-1 NOTE: https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92 NOTE: https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142 (v8.2.3669) @@ -289896,7 +289904,7 @@ CVE-2021-42102 (An uncontrolled search path element vulnerabilities in Trend Mic CVE-2021-42101 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...) NOT-FOR-US: Trend Micro CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow) - {DLA-3182-1 DLA-2947-1} + {DLA-4097-1 DLA-3182-1 DLA-2947-1} - vim 2:8.2.3565-1 NOTE: https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8 NOTE: https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec83c21496e8f031f312c2dd972b49de4ba8843d
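Review bot: In the first hunk (@@ -4657,28 +4657,28 @@), the PHP entries CVE-2025-1861, CVE-2025-1736, CVE-2025-1734 and CVE-2025-1219 still read `- php8.2 <unfixed>`, while the descriptions added here name 8.2.28 as the fixed 8.2 release and the entries already carry {DSA-5878-1 DLA-4088-1}. The `Fixed by:` notes also cite only the php-8.1.32 commit. A follow-up should record the fixed php8.2 version for unstable once one exists, and add the 8.2 branch commit to the notes if it differs from the 8.1 one.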
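Review bot: Several vim entries that gain {DLA-4097-1} keep suite lines saying no update is planned, for example `[buster] - vim <no-dsa> (Minor issue; intrusive and hard to backport and will need a rewrite)` under CVE-2023-4738 (@@ -150136,6 +150140,7 @@) and `[buster] - vim <postponed> (Minor issue, 1-byte overflow)` under CVE-2023-5344 (@@ -145690,6 +145693,7 @@). Nothing in these hunks says which suite DLA-4097-1 covers, so a reader cannot tell from the entry whether the earlier triage still applies to that suite. A per-suite line giving the fixed version for the suite the DLA targets would remove the ambiguity.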
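Review bot: In the hunks tagging CVE-2021-4187 (@@ -274584,6 +274590,7 @@) and CVE-2021-4173 (@@ -275253,6 +275260,7 @@), the entries mark buster and stretch as `<not-affected> (Vulnerable code introduced later)` but give no introducing commit or version. With {DLA-4097-1} now attached, it is worth confirming that the vim version in the suite the DLA covers actually contains the later-introduced code, and recording that in an `Introduced by:` note so the not-affected and fixed statuses can be checked against each other.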