Package "vim-gui-common"

  vim (2:8.1.2269-1ubuntu5.16) focal-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-2264.patch: Adjust the end mark position.
    - debian/patches/CVE-2022-2284.patch: Stop Visual mode when closing a
      window.
    - CVE-2022-2264
    - CVE-2022-2284
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2022-2208.patch: Recompute diffs later. Skip
      window without a valid buffer.
    - CVE-2022-2208
  * SECURITY UPDATE: out-of-bounds write issue
    - debian/patches/CVE-2022-2210.patch: Use zero offset when change
      removes all lines in a diff block
    - CVE-2022-2210
  * SECURITY UPDATE: out-of-bounds read issue
    - debian/patches/CVE-2022-2257.patch: Check for NUL.
    - debian/patches/CVE-2022-2286.patch: Check the length of the string
    - debian/patches/CVE-2022-2287.patch: Disallow adding a word with
      control characters or a trailing slash.
    - CVE-2022-2257
    - CVE-2022-2286
    - CVE-2022-2287
  * SECURITY UPDATE: integer overflow issue
    - debian/patches/CVE-2022-2285.patch: Put a NUL after the typeahead.
    - CVE-2022-2285
  * SECURITY UPDATE: use after free memory issue
    - debian/patches/CVE-2022-2289.patch: Bail out when diff pointer is no
      longer valid
    - CVE-2022-2289
  * debian/patches/update_flaky_tests.patch: add few tests to flaky

 -- Nishit Majithia <email address hidden> Tue, 01 Aug 2023 14:00:18 +0530

  vim (2:8.1.2269-1ubuntu5.15) focal-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference when processing register content
    - debian/patches/CVE-2023-2609.patch: check "y_array" is not NULL.
    - CVE-2023-2609
  * SECURITY UPDATE: integer overflow and excessive memory consumption when
    allocating memory for tilde processing in pattern
    - debian/patches/CVE-2023-2610.patch: limit the text length to MAXCOL.
    - CVE-2023-2610

 -- Camila Camargo de Matos <email address hidden> Wed, 24 May 2023 11:28:35 -0300

  vim (2:8.1.2269-1ubuntu5.14) focal-security; urgency=medium

  * SECURITY UPDATE: out-of-bound read vulnerability
    - debian/patches/CVE-2021-4166.patch: crash when clearing the argument
      list while using it
    - CVE-2021-4166
  * SECURITY UPDATE: use-after-free when matching inside a visual selection
    - debian/patches/CVE-2021-4192.patch: get the line again after getvvcol().
    - CVE-2021-4192
  * SECURITY UPDATE: out-of-bounds read when processing data in visual mode
    - debian/patches/CVE-2021-4193.patch: check for valid column in getvcol().
    - CVE-2021-4193
  * SECURITY UPDATE: heap buffer overflow when processing long file names
    - debian/patches/CVE-2022-0213.patch: check length when appending a space.
    - CVE-2022-0213
  * SECURITY UPDATE: heap-based buffer overflow when performing a block insert
    - debian/patches/CVE-2022-0261.patch: handle invalid byte better. Fix
      inserting the wrong text.
    - debian/patches/CVE-2022-0318-1.patch: for block insert only use the
      offset for correcting the length.
    - debian/patches/CVE-2022-0318-2.patch: adjust the expected output for
      utf8 block insert test.
    - CVE-2022-0261
    - CVE-2022-0318
  * SECURITY UPDATE: out-of-bounds read when exchanging windows in visual mode
    - debian/patches/CVE-2022-0319.patch: correct end of Visual area when
      entering another buffer.
    - CVE-2022-0319
  * SECURITY UPDATE: stack pointer corruption when parsing too many brackets
    in expression
    - debian/patches/CVE-2022-0351.patch: limit recursion to 1000.
    - CVE-2022-0351
  * SECURITY UPDATE: illegal memory access when processing large indent in ex
    mode
    - debian/patches/CVE-2022-0359.patch: allocate enough memory.
    - CVE-2022-0359
  * SECURITY UPDATE: illegal memory access when copying lines in visual mode
    - debian/patches/CVE-2022-0361.patch: adjust the Visual position after
      copying lines.
    - CVE-2022-0361
  * SECURITY UPDATE: illegal memory access when undo makes visual area invalid
    in visual mode
    - debian/patches/CVE-2022-0368.patch: correct the Visual area after undo.
    - CVE-2022-0368
  * SECURITY UPDATE: stack corruption when looking for spelling suggestions
    - debian/patches/CVE-2022-0408.patch: prevent the depth increased too
      much. Add a five second time limit to finding suggestions.
    - CVE-2022-0408
  * SECURITY UPDATE: use of freed memory when managing buffers
    - debian/patches/CVE-2022-0443.patch: do not use wiped out buffer.
    - CVE-2022-0443
  * SECURITY UPDATE: heap buffer overflow when processing vim buffers
    - debian/patches/CVE-2022-0554.patch: when deleting the current buffer to
      not pick a quickfix buffer as the new current buffer.
    - CVE-2022-0554
  * SECURITY UPDATE: heap buffer overflow when repeatedly using :retab
    - debian/patches/CVE-2022-0572.patch: bail out when the line is getting
      too long.
    - CVE-2022-0572
  * SECURITY UPDATE: stack buffer overflow vulnerability
    - debian/patches/CVE-2022-0629.patch: crash when using many composing
      characters in error message
    - CVE-2022-0629
  * SECURITY UPDATE: out-of-range pointer offset when using special multi-byte
    character
    - debian/patches/CVE-2022-0685.patch: don't use isalpha() for an arbitrary
      character.
    - CVE-2022-0685
  * SECURITY UPDATE: heap buffer overflow when processing anomalous
    'vartabstop' value
    - debian/patches/CVE-2022-0714.patch: check for running into the end of
      the line.
    - CVE-2022-0714
  * SECURITY UPDATE: out-of-range pointer offset when processing specific
    regexp pattern and string
    - debian/patches/CVE-2022-0729.patch: stop at the start of the string.
    - CVE-2022-0729
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-2207.patch: adds a check to see if the cursor
      column is great than zero.
    - CVE-2022-2207

 -- Nishit Majithia <email address hidden> Tue, 18 Apr 2023 15:50:44 +0530

  vim (2:8.1.2269-1ubuntu5.13) focal-security; urgency=medium

  * SECURITY UPDATE: use after free
    - debian/patches/CVE-2022-0413.patch: make a copy of the substitute pattern
      that starts with "\=" in do_sub() in src/ex_cmds.c and free it at the end
      of the method and add test case Test_using_old_sub in
      src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1796.patch: make a copy of the pattern to search
      for as it could get freed in do_window() in src/window.c and add test
      case Test_define_search in src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1898.patch: make a copy of the string as it could
      get freed in nv_brackets() in src/normal.c, and add a test inside the
      Test_define_search test case in src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1968.patch: mitigates the potential for a use
      after free scenario by making a copy of a buffer to use for future
      reference
    - debian/patches/CVE-2022-2946.patch: using freed memory when 'tagfunc'
      deletes the buffer
    - CVE-2022-0413
    - CVE-2022-1796
    - CVE-2022-1898
    - CVE-2022-1968
    - CVE-2022-2946
  * SECURITY UPDATE: buffer over-read
    - debian/patches/CVE-2022-1629.patch: add a check for null after a
      backslash in find_next_quote() in src/search.c and add test case
      Test_string_html_objects in src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1720.patch: reading past end of line with "gf" in
      Visual block mode
    - debian/patches/CVE-2022-1733.patch: add a check for null when checking
      for trailing ' in skip_string() in src/misc1.c and add test case
      Test_cindent_check_funcdecl in src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1735.patch: add a new function, check_visual_pos
      in src/misc2.c and invoke it in src/change.c and src/edit.c. Add the new
      function header in src/proto/misc2.pro and add test case
      Test_visual_block_with_substitute in src/testdir/test_visual.vim.
    - debian/patches/CVE-2022-1851.patch: add a call to check_cursor() after
      formatting in op_format() in src/ops.c and add test case
      Test_correct_cursor_position in src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1927.patch: cursor position may be invalid after
      "0;" range
    - debian/patches/CVE-2022-2845.patch: reading before the start of the line
    - CVE-2022-1629
    - CVE-2022-1720
    - CVE-2022-1733
    - CVE-2022-1735
    - CVE-2022-1851
    - CVE-2022-1927
    - CVE-2022-2845
  * SECURITY UPDATE: crash when matching buffer with invalid pattern
    - debian/patches/CVE-2022-1674.patch: check for NULL regprog
    - CVE-2022-1674
  * SECURITY UPDATE: buffer over-write
    - debian/patches/CVE-2022-1785.patch: add textlock flag to disallow
      changing text or switching window before calling vim_regsub_multi() in
      src/ex_cmds.c.
    - CVE-2022-1785
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-1942.patch: adds a control to disallow the
      opening of a command line window when text or buffer is locked.
    - debian/patches/CVE-2022-2344.patch: reading past end of completion with
      duplicate match
    - debian/patches/CVE-2022-2571.patch: reading past end of line with insert
      mode completion
    - debian/patches/CVE-2022-2849.patch: invalid memory access with for loop
      over NULL string
    - CVE-2022-1942
    - CVE-2022-2344
    - CVE-2022-2571
    - CVE-2022-2849
  * SECURITY UPDATE: searching for quotes may go over the end of the line
    - debian/patches/CVE-2022-2124.patch: check for running into the NULL
    - CVE-2022-2124
  * SECURITY UPDATE: lisp indenting my run over the end of the line
    - debian/patches/CVE-2022-2125.patch: check for NULL earlier
    - CVE-2022-2125
  * SECURITY UPDATE: using invalid index when looking for spell suggestions
    - debian/patches/CVE-2022-2126.patch: do not decrement the index when it
      is zero
    - CVE-2022-2126
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2022-2129.patch: prevents the editing of another file
      when either curbuf_lock or textlock is set.
    - CVE-2022-2129
  * SECURITY UPDATE: invalid memory access when using an expression on the
    command line
    - debian/patches/CVE-2022-2175-1.patch: make sure the position does not
      go negative
    - debian/patches/CVE-2022-2175-2.patch: add missing #ifdef FEAT_EVAL
    - CVE-2022-2175
  * SECURITY UPDATE: reading beyond the end of the line with lisp indenting
    - debian/patches/CVE-2022-2183.patch: avoid going over the NUL at the end
      of the line
    - CVE-2022-2183
  * SECURITY UPDATE: accessing invalid memory after changing terminal size
    - debian/patches/CVE-2022-2206.patch: adjust cmdline_row and msg_row to
      the value of Rows
    - CVE-2022-2206
  * SECURITY UPDATE: spell dump may go beyond end of an array
    - debian/patches/CVE-2022-2304.patch: limit the word length
    - CVE-2022-2304
  * SECURITY UPDATE: using freed memory with recursive substitution
    - debian/patches/CVE-2022-2345.patch: always make a copy of
      reg_prev_sub
    - CVE-2022-2345
  * SECURITY UPDATE: illegal memory access when pattern starts with
    illegal byte
    - debian/patches/CVE-2022-2581.patch: do not match a character with an
      illegal byte
    - CVE-2022-2581
  * SECURITY UPDATE: null pointer dereference issue
    - debian/patches/CVE-2022-2923.patch: crash when using ":mkspell" with an
      empty .dic file
    - debian/patches/CVE-2022-2980.patch: crash with mouse click when not
      initialized
    - CVE-2022-2923
    - CVE-2022-2980

 -- Nishit Majithia <email address hidden> Mon, 03 Apr 2023 11:51:26 +0530

  vim (2:8.1.2269-1ubuntu5.12) focal-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference when creating blank mouse
    pointer
    - debian/patches/CVE-2022-47024.patch: only use the return value of
      XChangeGC() when it is not NULL.
    - CVE-2022-47024
  * SECURITY UPDATE: invalid memory access with bad 'statusline' value
    - debian/patches/CVE-2023-0049.patch: avoid going over the NULL at the end
      of a statusline.
    - CVE-2023-0049
  * SECURITY UPDATE: invalid memory access with recursive substitute
    expression
    - debian/patches/CVE-2023-0054.patch: check the return value of
      vim_regsub().
    - CVE-2023-0054
  * SECURITY UPDATE: invalid memory access with folding and using "L"
    - debian/patches/CVE-2023-0288.patch: prevent the cursor from moving to
      line zero.
    - CVE-2023-0288
  * SECURITY UPDATE: reading past the end of a line when formatting text
    - debian/patches/CVE-2023-0433.patch: check for not going over the end of
      the line.
    - CVE-2023-0433
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2023-1170.patch: accessing invalid memory with put
      in Visual block mode
    - CVE-2023-1170
  * SECURITY UPDATE: incorrect calculation of buffer size
    - debian/patches/CVE-2023-1175.patch: illegal memory access when using
      virtual editing
    - CVE-2023-1175
  * SECURITY UPDATE: NULL pointer dereference vulnerability
    - debian/patches/CVE-2023-1264.patch: using NULL pointer with nested
      :open command
    - CVE-2023-1264

 -- Nishit Majithia <email address hidden> Fri, 17 Mar 2023 16:38:34 +0530