UbuntuUpdates.org

Package "vim"

Name: vim

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Vi IMproved - enhanced vi editor - with Athena GUI
  • Vi IMproved - enhanced vi editor (dummy package)
  • Vi IMproved - enhanced vi editor - with GTK3 GUI
  • Vi IMproved - Common GUI files

Latest version: 2:8.2.3995-1ubuntu2.3
Release: jammy (22.04)
Level: security
Repository: universe

Links



Other versions of "vim" in Jammy

Repository Area Version
base main 2:8.2.3995-1ubuntu2
base universe 2:8.2.3995-1ubuntu2
security main 2:8.2.3995-1ubuntu2.3
updates main 2:8.2.3995-1ubuntu2.3
updates universe 2:8.2.3995-1ubuntu2.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2:8.2.3995-1ubuntu2.3 2023-01-12 21:07:38 UTC

  vim (2:8.2.3995-1ubuntu2.3) jammy-security; urgency=medium

  * SECURITY UPDATE: illegal memory access with bracketed paste in Ex mode
    - debian/patches/CVE-2022-0392.patch: reverse space for the trailing NUL
    - CVE-2022-0392
  * SECURITY UPDATE: retab may cause illegal memory access
    - debian/patches/CVE-2022-0417.patch: limit the value of tabstop
    - CVE-2022-0417

 -- Mark Esler <email address hidden> Wed, 11 Jan 2023 17:53:12 -0600

Source diff to previous version
CVE-2022-0392 Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
CVE-2022-0417 Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.

Version: 2:8.2.3995-1ubuntu2.1 2022-09-15 12:07:06 UTC

  vim (2:8.2.3995-1ubuntu2.1) jammy-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow in spelling suggestion
    function
    - debian/patches/CVE-2022-0943.patch: adjust "badlen".
    - CVE-2022-0943
  * SECURITY UPDATE: use-after-free when processing regular expressions in old
    engine
    - debian/patches/CVE-2022-1154.patch: after getting mark get the line
      again.
    - CVE-2022-1154
  * SECURITY UPDATE: use out-of-range pointer offset
    - debian/patches/CVE-2022-1420.patch: crash when using a number for lambda
      name
    - CVE-2022-1420
  * SECURITY UPDATE: buffer overflow when using invalid command with composing
    chars
    - debian/patches/CVE-2022-1616.patch: check that the whole character fits
      in the buffer.
    - CVE-2022-1616
  * SECURITY UPDATE: heap buffer overflow when processing CTRL-W in latin1
    encoding
    - debian/patches/CVE-2022-1619.patch: check already being at the start of
      the command line.
    - CVE-2022-1619
  * SECURITY UPDATE: NULL pointer access when using invalid pattern
    - debian/patches/CVE-2022-1620.patch: check for failed regexp program.
    - CVE-2022-1620
  * SECURITY UPDATE: heap buffer overflow when processing invalid character
    added to word list
    - debian/patches/CVE-2022-1621.patch: check for a valid word string.
    - debian/patches/remove_test_spell_single_word.patch: removal of test
      test_spell_single_word from src/testdir/test_spell.vim
    - CVE-2022-1621

 -- Nishit Majithia <email address hidden> Tue, 13 Sep 2022 15:05:02 +0530

CVE-2022-0943 Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
CVE-2022-1154 Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
CVE-2022-1420 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
CVE-2022-1616 Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protectio
CVE-2022-1619 Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashi
CVE-2022-1620 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in
CVE-2022-1621 Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Byp



About   -   Send Feedback to @ubuntu_updates