UbuntuUpdates.org

Package "vim-athena"

Name: vim-athena

Description:

Vi IMproved - enhanced vi editor - with Athena GUI

Latest version: 2:8.2.2434-1ubuntu1.2
Release: hirsute (21.04)
Level: security
Repository: universe
Head package: vim
Homepage: https://www.vim.org/


Other versions of "vim-athena" in Hirsute

Repository  Area      Version
base        universe  2:8.2.2434-1ubuntu1
updates     universe  2:8.2.2434-1ubuntu1.2

Changelog

Version: 2:8.2.2434-1ubuntu1.2 2021-11-15 15:07:23 UTC

  vim (2:8.2.2434-1ubuntu1.2) hirsute-security; urgency=medium

  * SECURITY UPDATE: Fix heap-based buffer overflow when buffer name is very
    long
    - debian/patches/CVE-2021-3872.patch: Make sure not to go over the end of
      the buffer in src/drawscreen.c, src/testdir/test_statusline.vim.
    - CVE-2021-3872
  * SECURITY UPDATE: Fix heap-based buffer overflow when scrolling without a
    valid screen
    - debian/patches/CVE-2021-3903.patch: Do not set VALID_BOTLINE in w_valid
      in src/move.c, src/testdir/test_normal.vim.
    - CVE-2021-3903
  * SECURITY UPDATE: Fix heap-based buffer overflow when reading character
    past end of line
    - debian/patches/CVE-2021-3927.patch: Correct the cursor column in
      src/ex_docmd.c, src/testdir/test_put.vim.
    - CVE-2021-3927
  * SECURITY UPDATE: Fix stack-based buffer overflow when reading
    uninitialized memory when giving spell suggestions
    - debian/patches/CVE-2021-3928.patch: Check that preword is not empty in
      src/spellsuggest.c, src/testdir/test_spell.vim.
    - CVE-2021-3928
  * Fix flaky vim terminal mode test

 -- Spyros Seimenis <email address hidden> Mon, 08 Nov 2021 15:19:29 +0100

CVE-2021-3872 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3903 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3927 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3928 vim is vulnerable to Stack-based Buffer Overflow

Version: 2:8.2.2434-1ubuntu1.1 2021-09-28 12:06:25 UTC

  vim (2:8.2.2434-1ubuntu1.1) hirsute-security; urgency=medium

  * SECURITY UPDATE: Fix heap-based buffer overflow when using :retab with
    large value
    - debian/patches/CVE-2021-3770-1.patch: Check vartabstop contains positive
      number in src/indent.c.
    - debian/patches/CVE-2021-3770-2.patch: Fix memory leak for :retab with
      invalid argument
    - CVE-2021-3770
  * SECURITY UPDATE: Fix heap-based buffer overflow when reading beyond end of
    line with invalid utf-8 character
    - debian/patches/CVE-2021-3778.patch: Validate encoding of character before
      advancing line in regexp_nfa.c.
    - CVE-2021-3778
  * SECURITY UPDATE: Fix use after free when replacing
    - debian/patches/CVE-2021-3796.patch: Get the line pointer after calling
      ins_copychar() in src/normal.c.
    - CVE-2021-3796

 -- Spyros Seimenis <email address hidden> Mon, 20 Sep 2021 14:49:18 +0300

CVE-2021-3770 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3778 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3796 vim is vulnerable to Use After Free
