Univention Bugzilla – Bug 55417
vim: Multiple issues (5.0)
Last modified: 2022-11-16 18:04:04 CET
New Debian vim 2:8.1.0875-5+deb10u3 fixes: This update addresses the following issues: * heap-based buffer overflow in gchar_cursor() in misc1.c (CVE-2021-3927) * stack-based buffer overflow in spell_iswordp() in spell.c (CVE-2021-3928) * Use after free in regexp_nfa.c (CVE-2021-3974) * illegal memory access in find_start_brace() in cindent.c when C-indenting (CVE-2021-3984) * heap-based buffer overflow in find_help_tags() in help.c (CVE-2021-4019) * use-after-free in ex_open() in src/ex_docmd.c (CVE-2021-4069) * use-after-free in win_linetabsize() (CVE-2021-4192) * out-of-bound read in getvcol() (CVE-2021-4193) * vim is vulnerable to out of bounds read (CVE-2022-0213) * Heap-based buffer overflow in block_insert() in src/ops.c (CVE-2022-0261) * heap-based out-of-bounds read (CVE-2022-0319) * access of memory location before start of buffer (CVE-2022-0351) * Heap-based buffer overflow in init_ccline() in ex_getln.c (CVE-2022-0359) * Illegal memory access when copying lines in visual mode leads to heap buffer overflow (CVE-2022-0361) * Out-of-bounds Read in vim (CVE-2022-0368) * Stack-based Buffer Overflow in spellsuggest.c (CVE-2022-0408) * Use after free in src/ex_cmds.c (CVE-2022-0413) * heap-based-buffer-overflow in ex_retab() of src/indent.c (CVE-2022-0417) * heap-use-after-free in enter_buffer() of src/buffer.c (CVE-2022-0443) * Use of Out-of-range Pointer Offset in vim (CVE-2022-0554) * heap overflow in ex_retab() may lead to crash (CVE-2022-0572) * CVE-2022-0685 : vim: Use of Out-of-range Pointer Offset in vim (CVE-2022-0685) * buffer overflow (CVE-2022-0714) * Use of Out-of-range Pointer Offset (CVE-2022-0729) * Heap-based Buffer Overflow occurs in vim (CVE-2022-0943) * use after free in utf_ptr2char (CVE-2022-1154) * heap-buffer-overflow in append_command of src/ex_docmd.c (CVE-2022-1616) * buffer over-read in grab_file_name() in findfile.c (CVE-2022-1720) * out-of-bounds read in gchar_cursor() in misc1.c (CVE-2022-1851) * use-after-free in find_pattern_in_path() in search.c (CVE-2022-1898) * use-after-free in function utf_ptr2char at mbyte.c:1794 (CVE-2022-1968) * integer overflow in del_typebuf() at getchar.c (CVE-2022-2285) * stack buffer overflow in spell_dump_compl() at spell.c (CVE-2022-2304) * Undefined Behavior for Input to API in vim (CVE-2022-2598) * use after free in function vim_vsnprintf_typval (CVE-2022-2946) * Use After Free in do_cmdline() in ex_docmd.c (CVE-2022-3099) * heap use-after-free in do_tag() at src/tag.c (CVE-2022-3134) * Heap-based Buffer Overflow (CVE-2022-3234) * stack buffer overflow in win_redr_ruler() at drawscreen.c (CVE-2022-3324) * a use after free in the function qf_update_buffer (CVE-2022-3705)
--- mirror/ftp/pool/main/v/vim/vim_8.1.0875-5+deb10u2.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/vim_8.1.0875-5+deb10u3.dsc @@ -1,3 +1,21 @@ +2:8.1.0875-5+deb10u3 [Tue, 08 Nov 2022 13:53:29 +0100] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2021-3927, CVE-2021-3928, CVE-2021-3974, CVE-2021-3984, + CVE-2021-4019, CVE-2021-4069, CVE-2021-4192, CVE-2021-4193, + CVE-2022-0213, CVE-2022-0261, CVE-2022-0319, CVE-2022-0351, + CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0408, + CVE-2022-0413, CVE-2022-0417, CVE-2022-0443, CVE-2022-0554, + CVE-2022-0572, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, + CVE-2022-0943, CVE-2022-1154, CVE-2022-1616, CVE-2022-1720, + CVE-2022-1851, CVE-2022-1898, CVE_2022-1968, CVE-2022-2285, + CVE-2022-2304, CVE-2022-2598, CVE-2022-2946, CVE-2022-3099, + CVE-2022-3134, CVE-2022-3234, CVE-2022-3324, CVE-2022-3705 + Multiple security vulnerabilities have been discovered in vim, an enhanced + vi editor. Buffer overflows, out-of-bounds reads and use-after-free may + lead to a denial-of-service (application crash) or other unspecified + impact. + 2:8.1.0875-5+deb10u2 [Sat, 25 Dec 2021 10:48:51 -0500] James McCoy <jamessan@debian.org>: * Revert unintentional inclusion of v8.2.3489, which is only relevant to Vim <http://piuparts.knut.univention.de/5.0-2/#7984252947266720562>
OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-2] ad216bf989 Bug #55417: vim 2:8.1.0875-5+deb10u3 doc/errata/staging/vim.yaml | 86 ++++++++++++++++++++++++--------------------- 1 file changed, 45 insertions(+), 41 deletions(-) [5.0-2] 2b9b9246b0 Bug #55417: vim 2:8.1.0875-5+deb10u3 doc/errata/staging/vim.yaml | 93 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x487>