UbuntuUpdates.org

Package "vim"

Name: vim

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Vi IMproved - enhanced vi editor - with Athena GUI
  • Vi IMproved - enhanced vi editor (dummy package)
  • Vi IMproved - enhanced vi editor - with GTK3 GUI
  • Vi IMproved - Common GUI files

Latest version: 2:8.2.2434-1ubuntu1.1
Release: hirsute (21.04)
Level: security
Repository: universe

Links



Other versions of "vim" in Hirsute

Repository Area Version
base main 2:8.2.2434-1ubuntu1
base universe 2:8.2.2434-1ubuntu1
security main 2:8.2.2434-1ubuntu1.1
updates main 2:8.2.2434-1ubuntu1.1
updates universe 2:8.2.2434-1ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2:8.2.2434-1ubuntu1.1 2021-09-28 12:06:25 UTC

  vim (2:8.2.2434-1ubuntu1.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: Fix heap-based buffer overflow when using :retab with
    large value
    - debian/patches/CVE-2021-3770-1.patch: Check vartabstop contains positive
      number in src/indent.c.
    - debian/patches/CVE-2021-3770-2.patch: Fix memory leak for :retab with
      invalid argument
    - CVE-2021-3770
  * SECURITY UPDATE: Fix heap-based buffer overflow when reading beyond end of
    line with invalid utf-8 character
    - debian/patches/CVE-2021-3778.patch: Validate encoding of character before
      advancing line in regexp_nfa.c.
    - CVE-2021-3778
  * SECURITY UPDATE: Fix use after free when replacing
    - debian/patches/CVE-2021-3796.patch: Get the line pointer after calling
      ins_copychar() in src/normal.c.
    - CVE-2021-3796

 -- Spyros Seimenis <email address hidden> Mon, 20 Sep 2021 14:49:18 +0300

CVE-2021-3770 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3778 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3796 vim is vulnerable to Use After Free



About   -   Send Feedback to @ubuntu_updates