UbuntuUpdates.org

Package "vim"

Name: vim

Description: Vi IMproved - enhanced vi editor

Latest version: 2:8.2.2434-3ubuntu3.2
Release: impish (21.10)
Level: updates
Repository: main
Homepage: https://www.vim.org/

Other versions of "vim" in Impish

Repository Area Version
base main 2:8.2.2434-3ubuntu3
base universe 2:8.2.2434-3ubuntu3
security main 2:8.2.2434-3ubuntu3.2
security universe 2:8.2.2434-3ubuntu3.2
updates universe 2:8.2.2434-3ubuntu3.2

Changelog

Version: 2:8.2.2434-3ubuntu3.2 2022-01-20 17:06:35 UTC

  vim (2:8.2.2434-3ubuntu3.2) impish-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow could lead to a denial of
    service when using CTRL+w+f with an empty filename
    - debian/patches/CVE-2021-3973-1.patch: Ensure filename is checked for
      zero length in src/findfile.c, src/normal.c and
      src/testdir/test_visual.vim
    - debian/patches/CVE-2021-3973-2.patch: Fix for failing test in
      src/findfile.c
    - CVE-2021-3973

  * SECURITY UPDATE: Use-after-free issue in regular expression engine when
    using a mark, could lead to a denial of service or code execution.
    - debian/patches/CVE-2021-3974.patch: Ensure check for free is made when
      processing mark in src/regexp_nfa.c, src/testdir/test_regexp_latin.vim
    - CVE-2021-3974

  * SECURITY UPDATE: Heap-based buffer overflow could lead to a denial of
    service or possible code execution when C-indenting
    - debian/patches/CVE-2021-3984.patch: Fix memory access issue by correctly
      dereferencing cursor position in src/cindent.c and
      src/testdir/test_cindent.vim
    - CVE-2021-3984

  * SECURITY UPDATE: Heap-based buffer overflow could lead to a denial of
    service when help functions are provided with long command strings
    - debian/patches/CVE-2021-4019.patch: Fix handling of strcpy to use safer
      vim_snprintf in src/help.c and src/testdir/test_help.vim
    - CVE-2021-4019

  * SECURITY UPDATE: Use-after-free issue in open command can lead to a denial
    of service or possible code execution
    - debian/patches/CVE-2021-4069.patch: Fix issue making a copy of the
      current line and its address in src/ex_docmd.c and
      src/testdir/test_ex_mode.vim
    - CVE-2021-4069

 -- Ray Veldkamp <email address hidden> Sat, 18 Dec 2021 03:55:33 +1100

CVE-2021-3973 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3974 vim is vulnerable to Use After Free
CVE-2021-3984 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-4019 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-4069 vim is vulnerable to Use After Free

Version: 2:8.2.2434-3ubuntu3.1 2021-11-15 16:06:29 UTC

  vim (2:8.2.2434-3ubuntu3.1) impish-security; urgency=medium

  * SECURITY UPDATE: Fix heap-based buffer overflow when buffer name is very
    long
    - debian/patches/CVE-2021-3872.patch: Make sure not to go over the end of
      the buffer in src/drawscreen.c, src/testdir/test_statusline.vim.
    - CVE-2021-3872
  * SECURITY UPDATE: Fix heap-based buffer overflow when scrolling without a
    valid screen
    - debian/patches/CVE-2021-3903.patch: Do not set VALID_BOTLINE in w_valid
      in src/move.c, src/testdir/test_normal.vim.
    - CVE-2021-3903
  * SECURITY UPDATE: Fix heap-based buffer overflow when reading character
    past end of line
    - debian/patches/CVE-2021-3927.patch: Correct the cursor column in
      src/ex_docmd.c, src/testdir/test_put.vim.
    - CVE-2021-3927
  * SECURITY UPDATE: Fix stack-based buffer overflow when reading
    uninitialized memory when giving spell suggestions
    - debian/patches/CVE-2021-3928.patch: Check that preword is not empty in
      src/spellsuggest.c, src/testdir/test_spell.vim.
    - CVE-2021-3928
  * Fix flaky vim terminal mode test

 -- Spyros Seimenis <email address hidden> Mon, 08 Nov 2021 15:17:01 +0100

CVE-2021-3872 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3903 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3927 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3928 vim is vulnerable to Stack-based Buffer Overflow


