Univention Bugzilla – Bug 55465
vim: Multiple issues (5.0)
Last modified: 2022-11-30 13:28:01 CET
New Debian vim 2:8.1.0875-5+deb10u4 fixes:
This update addresses the following issues:
* Heap-based buffer overflow in utf_head_off() in mbyte.c (CVE-2022-0318)
* Heap-based buffer overflow in getexmodeline() in ex_getln.c (CVE-2022-0392)
* Stack-based Buffer Overflow in vim prior to 8.2. (CVE-2022-0629)
* NULL Pointer Dereference in vim prior to 8.2 (CVE-2022-0696)
* heap-buffer-overflow in cmdline_erase_chars of ex_getln.c (CVE-2022-1619)
* heap buffer overflow (CVE-2022-1621)
* Out-of-bounds Write (CVE-2022-1785)
* out-of-bounds write in vim_regsub_both() in regexp.c (CVE-2022-1897)
* out of bounds write in vim_regsub_both() (CVE-2022-1942)
* out-of-bounds write in function append_command (CVE-2022-2000)
* out of bounds write in vim_regsub_both() (CVE-2022-2129)
* Use After Free (CVE-2022-3235)
* use-after-free in movemark() at mark.c (CVE-2022-3256)
* use after free (CVE-2022-3352)
--- mirror/ftp/pool/main/v/vim/vim_8.1.0875-5+deb10u3.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/vim_8.1.0875-5+deb10u4.dsc @@ -1,3 +1,12 @@ +2:8.1.0875-5+deb10u4 [Wed, 23 Nov 2022 15:54:38 +0100] Helmut Grohne <helmut@subdivi.de>: + + * Non-maintainer upload by the LTS team. + * Add missing CVE to previous changelog entry. + * Fix CVE-2022-0318, CVE-2022-0392, CVE-2022-0629, + CVE-2022-0696, CVE-2022-1619, CVE-2022-1621, CVE-2022-1785, + CVE-2022-1897, CVE-2022-1942, CVE-2022-2000, CVE-2022-2129, + CVE-2022-3235, CVE-2022-3256, CVE-2022-3352 + 2:8.1.0875-5+deb10u3 [Tue, 08 Nov 2022 13:53:29 +0100] Markus Koschany <apo@debian.org>: * Non-maintainer upload by the LTS team. @@ -10,7 +19,8 @@ CVE-2022-0943, CVE-2022-1154, CVE-2022-1616, CVE-2022-1720, CVE-2022-1851, CVE-2022-1898, CVE_2022-1968, CVE-2022-2285, CVE-2022-2304, CVE-2022-2598, CVE-2022-2946, CVE-2022-3099, - CVE-2022-3134, CVE-2022-3234, CVE-2022-3324, CVE-2022-3705 + CVE-2022-3134, CVE-2022-3234, CVE-2022-3324, CVE-2022-3705, + CVE-2021-3872 Multiple security vulnerabilities have been discovered in vim, an enhanced vi editor. Buffer overflows, out-of-bounds reads and use-after-free may lead to a denial-of-service (application crash) or other unspecified <http://piuparts.knut.univention.de/5.0-2/#7984252947267803087>
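Review bot: In the second hunk, the unchanged context line that lists CVE-2022-1851 through CVE-2022-2285 still spells one identifier as "CVE_2022-1968", with an underscore instead of a hyphen, so a search or tracker script that matches the usual CVE-YYYY-NNNN form will not find it. This upload already amends that older entry to append CVE-2021-3872, so the spelling could be corrected to "CVE-2022-1968" in the same change. The new entry's line "Add missing CVE to previous changelog entry." would also be clearer if it named CVE-2021-3872 directly.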
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] a7907f1514 Bug #55465: vim 2:8.1.0875-5+deb10u4
 doc/errata/staging/vim.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

[5.0-2] 640a2dcaf4 Bug #55465: vim 2:8.1.0875-5+deb10u4
 doc/errata/staging/vim.yaml | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

[5.0-2] 9b4b94cec9 Bug #55465: vim 2:8.1.0875-5+deb10u4
 doc/errata/staging/vim.yaml | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x502>