Univention Bugzilla – Bug 54546
vim: Multiple issues (4.4)
Last modified: 2022-03-16 14:14:33 CET
New Debian vim 2:8.0.0197-4+deb9u5 fixes: This update addresses the following issues: * heap-based buffer overflow in win_redr_status() in drawscreen.c (CVE-2021-3872) * heap-based buffer overflow in gchar_cursor() in misc1.c (CVE-2021-3927) * stack-based buffer overflow in spell_iswordp() in spell.c (CVE-2021-3928) * Heap based buffer overflow in findfile.c (CVE-2021-3973) * Use after free in regexp_nfa.c (CVE-2021-3974) * illegal memory access in find_start_brace() in cindent.c when C-indenting (CVE-2021-3984) * heap-based buffer overflow in find_help_tags() in help.c (CVE-2021-4019) * use-after-free in ex_open() in src/ex_docmd.c (CVE-2021-4069) * use-after-free in win_linetabsize() (CVE-2021-4192) * out-of-bound read in getvcol() (CVE-2021-4193) * vim is vulnerable to out of bounds read (CVE-2022-0213) * heap-based out-of-bounds read (CVE-2022-0319) * Heap-based buffer overflow in init_ccline() in ex_getln.c (CVE-2022-0359) * Illegal memory access when copying lines in visual mode leads to heap buffer overflow (CVE-2022-0361) * Out-of-bounds Read in vim (CVE-2022-0368) * Stack-based Buffer Overflow in spellsuggest.c (CVE-2022-0408) * Use of Out-of-range Pointer Offset in vim (CVE-2022-0554) * CVE-2022-0685 : vim: Use of Out-of-range Pointer Offset in vim (CVE-2022-0685) * buffer overflow (CVE-2022-0714) * Use of Out-of-range Pointer Offset (CVE-2022-0729)
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/vim_8.0.0197-4+deb9u4.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/vim_8.0.0197-4+deb9u5.dsc @@ -1,3 +1,16 @@ +2:8.0.0197-4+deb9u5 [Fri, 11 Mar 2022 19:40:45 +0100] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2021-3984, CVE-2021-4019, CVE-2021-4069, CVE-2021-4193, + CVE-2022-0213, CVE-2022-0319, CVE-2022-0368, CVE-2022-0554 CVE-2022-0361, + CVE-2022-0408, CVE-2022-0685, CVE-2022-0714, CVE-2022-0359, CVE-2021-4192, + CVE-2021-3872, CVE-2021-3927, CVE-2021-3928, CVE-2021-3973, CVE-2021-3974 + and CVE-2022-0729. + Multiple security vulnerabilities have been discovered in vim, an + enhanced vi editor. Buffer overflows, out-of-bounds reads and Null pointer + derefrences may lead to a denial-of-service (application crash) or other + unspecified impact. + 2:8.0.0197-4+deb9u4 [Mon, 10 Jan 2022 22:05:25 +0100] Anton Gladky <gladk@debian.org>: * Non-maintainer upload by the LTS Security Team. <http://piuparts.knut.univention.de/4.4-8/#8820702741467028302>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] d7c64504cd Bug #54546: vim 2:8.0.0197-4+deb9u5 doc/errata/staging/vim.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [4.4-8] 48493f1c62 Bug #54546: vim 2:8.0.0197-4+deb9u5 doc/errata/staging/vim.yaml | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) [4.4-8] e0d559911c Bug #54546: vim 2:8.0.0197-4+deb9u5 doc/errata/staging/vim.yaml | 54 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1197>