Package "vim-nox"
Name: |
vim-nox
|
Description: |
Vi IMproved - enhanced vi editor - with scripting languages support
|
Latest version: |
2:8.2.3995-1ubuntu2.17 |
Release: |
jammy (22.04) |
Level: |
updates |
Repository: |
universe |
Head package: |
vim |
Homepage: |
https://www.vim.org/ |
Links
Download "vim-nox"
Other versions of "vim-nox" in Jammy
Changelog
vim (2:8.2.3995-1ubuntu2.11) jammy-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-2522.patch: Terminate string with NUL
- debian/patches/CVE-2022-2580.patch: Properly skip over <Key> form
- debian/patches/CVE-2022-2819.patch: Don't read past the end of the
line
- CVE-2022-2522
- CVE-2022-2580
- CVE-2022-2819
* SECURITY UPDATE: out-of-bounds write issue
- debian/patches/CVE-2022-2598.patch: Make sure the line number does
not go below one.
- CVE-2022-2598
* SECURITY UPDATE: out-of-bounds read issue
- debian/patches/CVE-2022-2816.patch: Don't read past the end of the
line
- CVE-2022-2816
* SECURITY UPDATE: use after free memory issue
- debian/patches/CVE-2022-2817.patch: Make a copy of the error
- debian/patches/CVE-2022-2862.patch: Mess up the variable name so that
it won't be found
- debian/patches/CVE-2022-2889.patch: Free eval_tofree later
- debian/patches/CVE-2022-2982.patch: Do not allow for recursion
- debian/patches/CVE-2022-3016.patch: Return QF_ABORT and handle it.
- debian/patches/CVE-2022-3037.patch: Do not handle errors if there
aren't any
- debian/patches/CVE-2022-3099.patch: Do not check breakpoint for
non-existing line
- debian/patches/CVE-2022-3134.patch: Bail out when the window was
closed
- CVE-2022-2817
- CVE-2022-2862
- CVE-2022-2889
- CVE-2022-2982
- CVE-2022-3016
- CVE-2022-3037
- CVE-2022-3099
- CVE-2022-3134
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2022-2874.patch: Check for skipping
- debian/patches/CVE-2022-3153.patch: Check for NULL string
- CVE-2022-2874
- CVE-2022-3153
-- Nishit Majithia <email address hidden> Fri, 18 Aug 2023 09:42:26 +0530
|
Source diff to previous version |
CVE-2022-2522 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. |
CVE-2022-2580 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. |
CVE-2022-2819 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. |
CVE-2022-2816 |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. |
CVE-2022-2817 |
Use After Free in GitHub repository vim/vim prior to 9.0.0213. |
CVE-2022-2862 |
Use After Free in GitHub repository vim/vim prior to 9.0.0221. |
CVE-2022-2889 |
Use After Free in GitHub repository vim/vim prior to 9.0.0225. |
CVE-2022-2982 |
Use After Free in GitHub repository vim/vim prior to 9.0.0260. |
CVE-2022-3016 |
Use After Free in GitHub repository vim/vim prior to 9.0.0286. |
CVE-2022-3037 |
Use After Free in GitHub repository vim/vim prior to 9.0.0322. |
CVE-2022-3099 |
Use After Free in GitHub repository vim/vim prior to 9.0.0360. |
CVE-2022-3134 |
Use After Free in GitHub repository vim/vim prior to 9.0.0389. |
CVE-2022-2874 |
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. |
CVE-2022-3153 |
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. |
|
vim (2:8.2.3995-1ubuntu2.10) jammy-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-2182.patch: When on line zero check the
column is valid for line one.
- debian/patches/CVE-2022-2264.patch: Adjust the end mark position.
- debian/patches/CVE-2022-2284.patch: Stop Visual mode when closing a
window.
- CVE-2022-2182
- CVE-2022-2264
- CVE-2022-2284
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2022-2208.patch: Recompute diffs later. Skip
window without a valid buffer.
- debian/patches/CVE-2022-2231.patch: Do not use the NULL pointer.
- CVE-2022-2208
- CVE-2022-2231
* SECURITY UPDATE: out-of-bounds write issue
- debian/patches/CVE-2022-2210.patch: Use zero offset when change
removes all lines in a diff block
- CVE-2022-2210
* SECURITY UPDATE: out-of-bounds read issue
- debian/patches/CVE-2022-2257.patch: Check for NUL.
- debian/patches/CVE-2022-2286.patch: Check the length of the string
- debian/patches/CVE-2022-2287.patch: Disallow adding a word with
control characters or a trailing slash.
- CVE-2022-2257
- CVE-2022-2286
- CVE-2022-2287
* SECURITY UPDATE: integer overflow issue
- debian/patches/CVE-2022-2285.patch: Put a NUL after the typeahead.
- CVE-2022-2285
* SECURITY UPDATE: use after free memory issue
- debian/patches/CVE-2022-2289.patch: Bail out when diff pointer is no
longer valid
- CVE-2022-2289
* debian/patches/skip_some_tests.patch: skip some failing test
-- Nishit Majithia <email address hidden> Tue, 01 Aug 2023 11:07:49 +0530
|
Source diff to previous version |
CVE-2022-2182 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
CVE-2022-2264 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. |
CVE-2022-2284 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. |
CVE-2022-2208 |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. |
CVE-2022-2231 |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. |
CVE-2022-2210 |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. |
CVE-2022-2257 |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. |
CVE-2022-2286 |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. |
CVE-2022-2287 |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. |
CVE-2022-2285 |
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. |
CVE-2022-2289 |
Use After Free in GitHub repository vim/vim prior to 9.0. |
|
vim (2:8.2.3995-1ubuntu2.9) jammy-security; urgency=medium
* SECURITY UPDATE: out-of-bounds read when finding an ex command by name
- debian/patches/CVE-2022-0128.patch: check for the NUL byte first before
reading.
- CVE-2022-0128
* SECURITY UPDATE: use of freed memory when managing line buffers
- debian/patches/CVE-2022-0156-1.patch: tracking and keeping individual
lines until the end before freeing.
- debian/patches/CVE-2022-0156-2.patch: use growing array for tracking
lines to free when executing instructions.
- CVE-2022-0156
* SECURITY UPDATE: heap-based buffer overflow when reading line containing
"$" on its own
- debian/patches/CVE-2022-0158.patch: handle environment variable with
adjusted error reporting.
- CVE-2022-0158
* SECURITY UPDATE: out-of-bounds read when recording and using select mode
- debian/patches/CVE-2022-0393.patch: check last recorded character exists
before deleting.
- CVE-2022-0393
* SECURITY UPDATE: heap-based buffer overflow when performing a visual block
yank
- debian/patches/CVE-2022-0407.patch: check line boundary before reading
character.
- CVE-2022-0407
* SECURITY UPDATE: NULL pointer dereference when switching tabpage in
cmdline window
- debian/patches/CVE-2022-0696.patch: deny switching tabpage in cmdline
window.
- CVE-2022-0696
-- Evan Caville <email address hidden> Thu, 22 Jun 2023 14:08:04 +1000
|
Source diff to previous version |
CVE-2022-0128 |
vim is vulnerable to Out-of-bounds Read |
CVE-2022-0156 |
vim is vulnerable to Use After Free |
CVE-2022-0158 |
vim is vulnerable to Heap-based Buffer Overflow |
CVE-2022-0393 |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
CVE-2022-0407 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
CVE-2022-0696 |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. |
|
vim (2:8.2.3995-1ubuntu2.8) jammy-security; urgency=medium
* SECURITY UPDATE: use of out-of-range pointer offset when fuzzy matching
- debian/patches/CVE-2023-2426.patch: initialize the arrays used to store
match positions.
- CVE-2023-2426
* SECURITY UPDATE: NULL pointer dereference when processing register content
- debian/patches/CVE-2023-2609.patch: check "y_array" is not NULL.
- CVE-2023-2609
* SECURITY UPDATE: integer overflow and excessive memory consumption when
allocating memory for tilde processing in pattern
- debian/patches/CVE-2023-2610.patch: limit the text length to MAXCOL.
- CVE-2023-2610
-- Camila Camargo de Matos <email address hidden> Wed, 24 May 2023 11:27:53 -0300
|
Source diff to previous version |
CVE-2023-2426 |
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. |
CVE-2023-2609 |
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. |
CVE-2023-2610 |
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. |
|
vim (2:8.2.3995-1ubuntu2.7) jammy-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow when processing long file names
- debian/patches/CVE-2022-0213.patch: check length when appending a space.
- CVE-2022-0213
* SECURITY UPDATE: heap-based buffer overflow when performing a block insert
- debian/patches/CVE-2022-0261.patch: handle invalid byte better. Fix
inserting the wrong text.
- debian/patches/CVE-2022-0318-1.patch: for block insert only use the
offset for correcting the length.
- debian/patches/CVE-2022-0318-2.patch: adjust the expected output for
utf8 block insert test.
- CVE-2022-0261
- CVE-2022-0318
* SECURITY UPDATE: out-of-bounds read when exchanging windows in visual mode
- debian/patches/CVE-2022-0319.patch: correct end of Visual area when
entering another buffer.
- CVE-2022-0319
* SECURITY UPDATE: stack pointer corruption when parsing too many brackets
in expression
- debian/patches/CVE-2022-0351.patch: limit recursion to 1000.
- CVE-2022-0351
* SECURITY UPDATE: illegal memory access when processing large indent in ex
mode
- debian/patches/CVE-2022-0359.patch: allocate enough memory.
- CVE-2022-0359
* SECURITY UPDATE: illegal memory access when copying lines in visual mode
- debian/patches/CVE-2022-0361.patch: adjust the Visual position after
copying lines.
- CVE-2022-0361
* SECURITY UPDATE: illegal memory access when undo makes visual area invalid
in visual mode
- debian/patches/CVE-2022-0368.patch: correct the Visual area after undo.
- CVE-2022-0368
* SECURITY UPDATE: stack corruption when looking for spelling suggestions
- debian/patches/CVE-2022-0408.patch: prevent the depth increased too
much. Add a five second time limit to finding suggestions.
- CVE-2022-0408
* SECURITY UPDATE: use of freed memory when managing buffers
- debian/patches/CVE-2022-0443.patch: do not use wiped out buffer.
- CVE-2022-0443
* SECURITY UPDATE: heap buffer overflow when processing vim buffers
- debian/patches/CVE-2022-0554.patch: when deleting the current buffer to
not pick a quickfix buffer as the new current buffer.
- CVE-2022-0554
* SECURITY UPDATE: heap buffer overflow when repeatedly using :retab
- debian/patches/CVE-2022-0572.patch: bail out when the line is getting
too long.
- CVE-2022-0572
* SECURITY UPDATE: stack buffer overflow vulnerability
- debian/patches/CVE-2022-0629.patch: crash when using many composing
characters in error message
- CVE-2022-0629
* SECURITY UPDATE: out-of-range pointer offset when using special multi-byte
character
- debian/patches/CVE-2022-0685.patch: don't use isalpha() for an arbitrary
character.
- CVE-2022-0685
* SECURITY UPDATE: heap buffer overflow when processing anomalous
'vartabstop' value
- debian/patches/CVE-2022-0714.patch: check for running into the end of
the line.
- CVE-2022-0714
* SECURITY UPDATE: out-of-range pointer offset when processing specific
regexp pattern and string
- debian/patches/CVE-2022-0729.patch: stop at the start of the string.
- CVE-2022-0729
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-2207.patch: adds a check to see if the cursor
column is great than zero.
- CVE-2022-2207
-- Nishit Majithia <email address hidden> Tue, 18 Apr 2023 17:10:57 +0530
|
CVE-2022-0213 |
vim is vulnerable to Heap-based Buffer Overflow |
CVE-2022-0261 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
CVE-2022-0318 |
Heap-based Buffer Overflow in vim/vim prior to 8.2. |
CVE-2022-0319 |
Out-of-bounds Read in vim/vim prior to 8.2. |
CVE-2022-0351 |
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. |
CVE-2022-0359 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
CVE-2022-0361 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
CVE-2022-0368 |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
CVE-2022-0408 |
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
CVE-2022-0443 |
Use After Free in GitHub repository vim/vim prior to 8.2. |
CVE-2022-0554 |
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. |
CVE-2022-0572 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
CVE-2022-0629 |
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
CVE-2022-0685 |
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. |
CVE-2022-0714 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. |
CVE-2022-0729 |
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. |
CVE-2022-2207 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
|
About
-
Send Feedback to @ubuntu_updates