Package "vim"

Name: vim


Vi IMproved - enhanced vi editor

Latest version: 2:8.0.1453-1ubuntu1.6
Release: bionic (18.04)
Level: security
Repository: main
Homepage: https://vim.sourceforge.io/


Other versions of "vim" in Bionic

Repository  Area      Version
base        main      2:8.0.1453-1ubuntu1
base        universe  2:8.0.1453-1ubuntu1
security    universe  2:8.0.1453-1ubuntu1.6
updates     main      2:8.0.1453-1ubuntu1.6
updates     universe  2:8.0.1453-1ubuntu1.6


Version: 2:8.0.1453-1ubuntu1.6 2021-09-28 12:06:18 UTC

  vim (2:8.0.1453-1ubuntu1.6) bionic-security; urgency=medium

  * SECURITY UPDATE: Fix heap-based buffer overflow when reading beyond end of
    line with invalid utf-8 character
    - debian/patches/CVE-2021-3778.patch: Validate encoding of character before
      advancing line in regexp_nfa.c.
    - CVE-2021-3778
  * SECURITY UPDATE: Fix use after free when replacing
    - debian/patches/CVE-2021-3796.patch: Get the line pointer after calling
      ins_copychar() in src/normal.c.
    - CVE-2021-3796

 -- Spyros Seimenis <email address hidden> Mon, 20 Sep 2021 15:26:53 +0300

CVE-2021-3778 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3796 vim is vulnerable to Use After Free

Version: 2:8.0.1453-1ubuntu1.4 2020-10-14 20:07:07 UTC

  vim (2:8.0.1453-1ubuntu1.4) bionic-security; urgency=medium

  * SECURITY UPDATE: rvim restricted mode circumvention
    - debian/patches/CVE-2019-20807-1.patch: disable using interfaces in
      restricted mode in runtime/doc/starting.txt, src/evalfunc.c,
      src/ex_cmds.c, src/ex_docmd.c, src/if_perl.xs,
      src/testdir/Make_all.mak, src/testdir/test_restricted.vim.
    - debian/patches/CVE-2019-20807-2.patch: missing some changes for Ex
      commands in src/ex_cmds.h.
    - CVE-2019-20807

 -- Marc Deslauriers <email address hidden> Tue, 13 Oct 2020 11:49:09 -0400

CVE-2019-20807 In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby,

Version: 2:8.0.1453-1ubuntu1.3 2020-03-23 16:06:17 UTC

  vim (2:8.0.1453-1ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Application crash
    - debian/patches/CVE-2018-20786.patch: handle out of
      memory in src/libvterm/src/state.c, src/libvterm/src/vterm.c,
    - CVE-2018-20786
  * SECURITY UPDATE: Access after free
    - debian/patches/CVE-2019-20079.patch: avoid using 'wp'
      after autocommands in src/window.c, src/testdir/test_autocmd.vim.
    - debian/patches/patch-8.1.1192-mode-is-not-cleared*.patch:
      Clear the mode when redraw_cmdline is set in src/globals.h,
    - CVE-2019-20079

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 18 Mar 2020 15:29:15 -0300

CVE-2018-20786 libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (applicatio
CVE-2019-20079 The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.

Version: 2:8.0.1453-1ubuntu1.1 2019-06-11 18:06:17 UTC

  vim (2:8.0.1453-1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Arbitrary code execution
    - debian/patches/CVE-2019-12735.patch: disallow
      sourcing a file in the sandbox in src/getchar.c
    - CVE-2019-12735

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 06 Jun 2019 14:31:41 -0300

CVE-2019-12735 getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a model
