UbuntuUpdates.org

Package "vim-nox"

Name: vim-nox

Description:

Vi IMproved - enhanced vi editor - with scripting languages support

Latest version: 2:8.0.1453-1ubuntu1.9
Release: bionic (18.04)
Level: updates
Repository: universe
Head package: vim
Homepage: https://vim.sourceforge.io/

Other versions of "vim-nox" in Bionic

Repository  Area      Version
base        universe  2:8.0.1453-1ubuntu1
security    universe  2:8.0.1453-1ubuntu1.9

Changelog

Version: 2:8.0.1453-1ubuntu1.9 2022-09-15 14:06:18 UTC

  vim (2:8.0.1453-1ubuntu1.9) bionic-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow in spelling suggestion
    function
    - debian/patches/CVE-2022-0943.patch: adjust "badlen".
    - CVE-2022-0943
  * SECURITY UPDATE: use-after-free when processing regular expressions in old
    engine
    - debian/patches/CVE-2022-1154.patch: after getting mark get the line
      again.
    - CVE-2022-1154
  * SECURITY UPDATE: buffer overflow when using invalid command with composing
    chars
    - debian/patches/CVE-2022-1616.patch: check that the whole character fits
      in the buffer.
    - CVE-2022-1616
  * SECURITY UPDATE: heap buffer overflow when processing CTRL-W in latin1
    encoding
    - debian/patches/CVE-2022-1619.patch: check already being at the start of
      the command line.
    - CVE-2022-1619
  * SECURITY UPDATE: NULL pointer access when using invalid pattern
    - debian/patches/CVE-2022-1620.patch: check for failed regexp program.
    - CVE-2022-1620
  * SECURITY UPDATE: heap buffer overflow when processing invalid character
    added to word list
    - debian/patches/CVE-2022-1621.patch: check for a valid word string.
    - debian/patches/remove_test_spell_single_word.patch: removal of test
      test_spell_single_word from src/testdir/test_spell.vim
    - CVE-2022-1621

 -- Nishit Majithia <email address hidden> Tue, 13 Sep 2022 20:37:18 +0530

CVE-2022-0943 Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
CVE-2022-1154 Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
CVE-2022-1616 Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protectio
CVE-2022-1619 Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashi
CVE-2022-1620 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in
CVE-2022-1621 Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Byp

Version: 2:8.0.1453-1ubuntu1.8 2022-01-20 17:06:28 UTC

  vim (2:8.0.1453-1ubuntu1.8) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow could lead to a denial of
    service or possible code execution when C-indenting
    - debian/patches/CVE-2021-3984.patch: Fix memory access issue by correctly
      dereferencing cursor position in src/misc1.c and
      src/testdir/test_cindent.vim
    - CVE-2021-3984

  * SECURITY UPDATE: Heap-based buffer overflow could lead to a denial of
    service when help functions are provided with long command strings
    - debian/patches/CVE-2021-4019.patch: Fix handling of strcpy to use safer
      vim_snprintf in src/ex_cmds.c and src/testdir/test_help.vim
    - CVE-2021-4019

  * SECURITY UPDATE: Use-after-free issue in open command can lead to a denial
    of service or possible code execution
    - debian/patches/CVE-2021-4069.patch: Fix issue making a copy of the
      current line and its address in src/ex_docmd.c
    - CVE-2021-4069

 -- Ray Veldkamp <email address hidden> Thu, 20 Jan 2022 13:47:53 +1100

CVE-2021-3984 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-4019 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-4069 vim is vulnerable to Use After Free

Version: 2:8.0.1453-1ubuntu1.7 2021-11-15 16:06:23 UTC

  vim (2:8.0.1453-1ubuntu1.7) bionic-security; urgency=medium

  * SECURITY UPDATE: Fix heap-based buffer overflow when scrolling without a
    valid screen
    - debian/patches/CVE-2021-3903.patch: Do not set VALID_BOTLINE in w_valid
      in src/move.c, src/testdir/test_normal.vim.
    - CVE-2021-3903
  * SECURITY UPDATE: Fix heap-based buffer overflow when reading character
    past end of line
    - debian/patches/CVE-2021-3927.patch: Correct the cursor column in
      src/ex_docmd.c, src/testdir/test_put.vim.
    - CVE-2021-3927
  * SECURITY UPDATE: Fix stack-based buffer overflow when reading
    uninitialized memory when giving spell suggestions
    - debian/patches/CVE-2021-3928.patch: Check that preword is not empty in
      src/spell.c, src/testdir/test_spell.vim.
    - CVE-2021-3928

 -- Spyros Seimenis <email address hidden> Tue, 09 Nov 2021 15:34:45 +0100

CVE-2021-3903 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3927 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3928 vim is vulnerable to Stack-based Buffer Overflow

Version: 2:8.0.1453-1ubuntu1.6 2021-09-28 12:06:20 UTC

  vim (2:8.0.1453-1ubuntu1.6) bionic-security; urgency=medium

  * SECURITY UPDATE: Fix heap-based buffer overflow when reading beyond end of
    line with invalid utf-8 character
    - debian/patches/CVE-2021-3778.patch: Validate encoding of character before
      advancing line in regexp_nfa.c.
    - CVE-2021-3778
  * SECURITY UPDATE: Fix use after free when replacing
    - debian/patches/CVE-2021-3796.patch: Get the line pointer after calling
      ins_copychar() in src/normal.c.
    - CVE-2021-3796

 -- Spyros Seimenis <email address hidden> Mon, 20 Sep 2021 15:26:53 +0300

CVE-2021-3778 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3796 vim is vulnerable to Use After Free

Version: 2:8.0.1453-1ubuntu1.4 2020-10-14 18:07:08 UTC

  vim (2:8.0.1453-1ubuntu1.4) bionic-security; urgency=medium

  * SECURITY UPDATE: rvim restricted mode circumvention
    - debian/patches/CVE-2019-20807-1.patch: disable using interfaces in
      restricted mode in runtime/doc/starting.txt, src/evalfunc.c,
      src/ex_cmds.c, src/ex_docmd.c, src/if_perl.xs,
      src/testdir/Make_all.mak, src/testdir/test_restricted.vim.
    - debian/patches/CVE-2019-20807-2.patch: missing some changes for Ex
      commands in src/ex_cmds.h.
    - CVE-2019-20807

 -- Marc Deslauriers <email address hidden> Tue, 13 Oct 2020 11:49:09 -0400

CVE-2019-20807 In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby,


