Univention Bugzilla – Bug 54606
vim: Multiple issues (5.0)
Last modified: 2022-03-30 12:41:41 CEST
New Debian vim 2:8.1.0875-5+deb10u2 fixes: This update addresses the following issues: * users can execute arbitrary OS commands via scripting interfaces in the rvim restricted mode (CVE-2019-20807) * using retab with large value may lead to heap buffer overflow (CVE-2021-3770) * heap-based buffer overflow in utf_ptr2char() in mbyte.c (CVE-2021-3778) * use-after-free in nv_replace() in normal.c (CVE-2021-3796)
--- mirror/ftp/pool/main/v/vim/vim_8.1.0875-5.dsc +++ apt/ucs_5.0-0-errata5.0-1/source/vim_8.1.0875-5+deb10u2.dsc @@ -1,3 +1,24 @@ +2:8.1.0875-5+deb10u2 [Sat, 25 Dec 2021 10:48:51 -0500] James McCoy <jamessan@debian.org>: + + * Revert unintentional inclusion of v8.2.3489, which is only relevant to Vim + 8.2.3110 and later. + +2:8.1.0875-5+deb10u1 [Sun, 26 Sep 2021 09:29:21 -0400] James McCoy <jamessan@debian.org>: + + * Change gbp.conf and salsa config to use buster + * Backport 8.1.0881 and 8.1.0883 to fix CVE-2019-20807 + + 8.1.0881: can execute shell commands in rvim through interfaces + + 8.1.0883: missing some changes for Ex commands + * Backport patches 8.1.0936, 8.2.3402, and 8.2.3403 to fix CVE-2021-3770 + (Closes: #994076) + + 8.1.0936: may leak memory when using 'vartabstop' + + 8.2.3402: invalid memory access when using :retab with large value + + 8.2.3403: memory leak for :retab with invalid argument + * Backport v8.2.3409 to fix CVE-2021-3778 (Closes: #994498) + + 8.2.3409: reading beyond end of line with invalid utf-8 character + * Backport v8.2.3428 to fix CVE-2021-3796 (Closes: #994497) + + 8.2.3428: using freed memory when replacing + 2:8.1.0875-5 [Sat, 15 Jun 2019 12:41:15 -0400] James McCoy <jamessan@debian.org>: * gbp.conf: Set debian-tag to debian/%(version)s <http://piuparts.knut.univention.de/5.0-1/#7984252947265638037>
OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-1] a0eb02a9f4 Bug #54606: vim 2:8.1.0875-5+deb10u2 doc/errata/staging/vim.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x275>