UbuntuUpdates.org

Package "vim-gtk3"

Name: vim-gtk3

Description:

Vi IMproved - enhanced vi editor - with GTK3 GUI

Latest version: 2:8.0.1453-1ubuntu1.13
Release: bionic (18.04)
Level: security
Repository: main
Head package: vim
Homepage: https://vim.sourceforge.io/

Other versions of "vim-gtk3" in Bionic

Repository Area Version
base main 2:8.0.1453-1ubuntu1
updates main 2:8.0.1453-1ubuntu1.13

Changelog

Version: 2:8.0.1453-1ubuntu1.13 2023-04-19 11:32:28 UTC

  vim (2:8.0.1453-1ubuntu1.13) bionic-security; urgency=medium

  * SECURITY UPDATE: use-after-free when matching inside a visual selection
    - debian/patches/CVE-2021-4192.patch: get the line again after getvvcol().
    - CVE-2021-4192
  * SECURITY UPDATE: out-of-bounds read when processing data in visual mode
    - debian/patches/CVE-2021-4193.patch: check for valid column in getvcol().
    - CVE-2021-4193
  * SECURITY UPDATE: heap buffer overflow when processing long file names
    - debian/patches/CVE-2022-0213.patch: check length when appending a space.
    - CVE-2022-0213
  * SECURITY UPDATE: heap-based buffer overflow when performing a block insert
    - debian/patches/CVE-2022-0261.patch: handle invalid byte better. Fix
      inserting the wrong text.
    - debian/patches/CVE-2022-0318-1.patch: for block insert only use the
      offset for correcting the length.
    - debian/patches/CVE-2022-0318-2.patch: adjust the expected output for
      utf8 block insert test.
    - CVE-2022-0261
    - CVE-2022-0318
  * SECURITY UPDATE: out-of-bounds read when exchanging windows in visual mode
    - debian/patches/CVE-2022-0319.patch: correct end of Visual area when
      entering another buffer.
    - CVE-2022-0319
  * SECURITY UPDATE: stack pointer corruption when parsing too many brackets
    in expression
    - debian/patches/CVE-2022-0351.patch: limit recursion to 1000.
    - CVE-2022-0351
  * SECURITY UPDATE: illegal memory access when processing large indent in ex
    mode
    - debian/patches/CVE-2022-0359.patch: allocate enough memory.
    - CVE-2022-0359
  * SECURITY UPDATE: illegal memory access when copying lines in visual mode
    - debian/patches/CVE-2022-0361.patch: adjust the Visual position after
      copying lines.
    - CVE-2022-0361
  * SECURITY UPDATE: illegal memory access when undo makes visual area invalid
    in visual mode
    - debian/patches/CVE-2022-0368.patch: correct the Visual area after undo.
    - CVE-2022-0368
  * SECURITY UPDATE: stack corruption when looking for spelling suggestions
    - debian/patches/CVE-2022-0408.patch: prevent the depth from increasing
      too much. Add a five second time limit to finding suggestions.
    - CVE-2022-0408
  * SECURITY UPDATE: use of freed memory when managing buffers
    - debian/patches/CVE-2022-0443.patch: do not use wiped out buffer.
    - CVE-2022-0443
  * SECURITY UPDATE: heap buffer overflow when processing vim buffers
    - debian/patches/CVE-2022-0554.patch: when deleting the current buffer do
      not pick a quickfix buffer as the new current buffer.
    - CVE-2022-0554
  * SECURITY UPDATE: heap buffer overflow when repeatedly using :retab
    - debian/patches/CVE-2022-0572.patch: bail out when the line is getting
      too long.
    - CVE-2022-0572
  * SECURITY UPDATE: out-of-range pointer offset when using special multi-byte
    character
    - debian/patches/CVE-2022-0685.patch: don't use isalpha() for an arbitrary
      character.
    - CVE-2022-0685
  * SECURITY UPDATE: heap buffer overflow when processing anomalous
    'vartabstop' value
    - debian/patches/CVE-2022-0714.patch: check for running into the end of
      the line.
    - CVE-2022-0714
  * SECURITY UPDATE: out-of-range pointer offset when processing specific
    regexp pattern and string
    - debian/patches/CVE-2022-0729.patch: stop at the start of the string.
    - CVE-2022-0729
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-2207.patch: adds a check to see if the cursor
      column is greater than zero.
    - CVE-2022-2207

 -- Nishit Majithia <email address hidden> Tue, 18 Apr 2023 14:50:34 +0530

CVE-2021-4192 vim is vulnerable to Use After Free
CVE-2021-4193 vim is vulnerable to Out-of-bounds Read
CVE-2022-0213 vim is vulnerable to Heap-based Buffer Overflow
CVE-2022-0261 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0318 Heap-based Buffer Overflow in vim/vim prior to 8.2.
CVE-2022-0319 Out-of-bounds Read in vim/vim prior to 8.2.
CVE-2022-0351 Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
CVE-2022-0359 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0361 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0368 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0408 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0443 Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-0554 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.
CVE-2022-0572 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0685 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
CVE-2022-0714 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
CVE-2022-0729 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
CVE-2022-2207 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Version: 2:8.0.1453-1ubuntu1.12 2023-04-04 11:06:53 UTC

  vim (2:8.0.1453-1ubuntu1.12) bionic-security; urgency=medium

  * SECURITY UPDATE: use after free
    - debian/patches/CVE-2022-0413.patch: make a copy of the substitute pattern
      that starts with "\=" in do_sub() in src/ex_cmds.c and free it at the end
      of the method and add test case Test_using_old_sub in
      src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1796.patch: make a copy of the pattern to search
      for as it could get freed in do_window() in src/window.c and add test
      case Test_define_search in src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1898.patch: make a copy of the string as it could
      get freed in nv_brackets() in src/normal.c, and add a test inside the
      Test_define_search test case in src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1968.patch: mitigates the potential for a use
      after free scenario by making a copy of a buffer to use for future
      reference
    - debian/patches/CVE-2022-2946.patch: using freed memory when 'tagfunc'
      deletes the buffer
    - CVE-2022-0413
    - CVE-2022-1796
    - CVE-2022-1898
    - CVE-2022-1968
    - CVE-2022-2946
  * SECURITY UPDATE: buffer over-read
    - debian/patches/CVE-2022-1629.patch: add a check for null after a
      backslash in find_next_quote() in src/search.c and add test case
      Test_string_html_objects in src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1720.patch: reading past end of line with "gf" in
      Visual block mode
    - debian/patches/CVE-2022-1733.patch: add a check for null when checking
      for trailing ' in skip_string() in src/misc1.c and add test case
      Test_cindent_check_funcdecl in src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1735.patch: add a new function, check_visual_pos
      in src/misc2.c and invoke it in src/change.c and src/edit.c. Add the new
      function header in src/proto/misc2.pro and add test case
      Test_visual_block_with_substitute in src/testdir/test_visual.vim.
    - debian/patches/CVE-2022-1851.patch: add a call to check_cursor() after
      formatting in op_format() in src/ops.c and add test case
      Test_correct_cursor_position in src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-2845.patch: reading before the start of the line
    - CVE-2022-1629
    - CVE-2022-1720
    - CVE-2022-1733
    - CVE-2022-1735
    - CVE-2022-1851
    - CVE-2022-2845
  * SECURITY UPDATE: crash when matching buffer with invalid pattern
    - debian/patches/CVE-2022-1674.patch: check for NULL regprog
    - CVE-2022-1674
  * SECURITY UPDATE: buffer over-write
    - debian/patches/CVE-2022-1785.patch: add textlock flag to disallow
      changing text or switching window before calling vim_regsub_multi() in
      src/ex_cmds.c.
    - CVE-2022-1785
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-1942.patch: adds a control to disallow the
      opening of a command line window when text or buffer is locked.
    - debian/patches/CVE-2022-2571.patch: reading past end of line with insert
      mode completion
    - debian/patches/CVE-2022-2849.patch: invalid memory access with for loop
      over NULL string
    - CVE-2022-1942
    - CVE-2022-2571
    - CVE-2022-2849
  * SECURITY UPDATE: searching for quotes may go over the end of the line
    - debian/patches/CVE-2022-2124.patch: check for running into the NULL
    - CVE-2022-2124
  * SECURITY UPDATE: lisp indenting may run over the end of the line
    - debian/patches/CVE-2022-2125.patch: check for NULL earlier
    - CVE-2022-2125
  * SECURITY UPDATE: using invalid index when looking for spell suggestions
    - debian/patches/CVE-2022-2126.patch: do not decrement the index when it
      is zero
    - CVE-2022-2126
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2022-2129.patch: prevents the editing of another file
      when either curbuf_lock or textlock is set.
    - CVE-2022-2129
  * SECURITY UPDATE: invalid memory access when using an expression on the
    command line
    - debian/patches/CVE-2022-2175-1.patch: make sure the position does not
      go negative
    - debian/patches/CVE-2022-2175-2.patch: add missing #ifdef FEAT_EVAL
    - CVE-2022-2175
  * SECURITY UPDATE: reading beyond the end of the line with lisp indenting
    - debian/patches/CVE-2022-2183.patch: avoid going over the NUL at the end
      of the line
    - CVE-2022-2183
  * SECURITY UPDATE: accessing invalid memory after changing terminal size
    - debian/patches/CVE-2022-2206.patch: adjust cmdline_row and msg_row to
      the value of Rows
    - CVE-2022-2206
  * SECURITY UPDATE: spell dump may go beyond end of an array
    - debian/patches/CVE-2022-2304.patch: limit the word length
    - CVE-2022-2304
  * SECURITY UPDATE: using freed memory with recursive substitution
    - debian/patches/CVE-2022-2345.patch: always make a copy of
      reg_prev_sub
    - CVE-2022-2345
  * SECURITY UPDATE: illegal memory access when pattern starts with
    illegal byte
    - debian/patches/CVE-2022-2581.patch: do not match a character with an
      illegal byte
    - CVE-2022-2581
  * SECURITY UPDATE: null pointer dereference issue
    - debian/patches/CVE-2022-2923.patch: crash when using ":mkspell" with an
      empty .dic file
    - CVE-2022-2923

 -- Nishit Majithia <email address hidden> Mon, 03 Apr 2023 11:32:48 +0530

CVE-2022-0413 Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-1796 Use After Free in GitHub repository vim/vim prior to 8.2.4979.
CVE-2022-1898 Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-1968 Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-2946 Use After Free in GitHub repository vim/vim prior to 9.0.0246.
CVE-2022-1629 Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, M
CVE-2022-1720 Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, m
CVE-2022-1733 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
CVE-2022-1735 Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
CVE-2022-1851 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2845 Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218.
CVE-2022-1674 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in
CVE-2022-1785 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.
CVE-2022-1942 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2571 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.
CVE-2022-2849 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.
CVE-2022-2124 Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2125 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-2126 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2129 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-2175 Buffer Over-read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2183 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2206 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-2304 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2345 Use After Free in GitHub repository vim/vim prior to 9.0.0046.
CVE-2022-2581 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.
CVE-2022-2923 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.

Version: 2:8.0.1453-1ubuntu1.11 2023-03-20 14:07:04 UTC

  vim (2:8.0.1453-1ubuntu1.11) bionic-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference when creating blank mouse
    pointer
    - debian/patches/CVE-2022-47024.patch: only use the return value of
      XChangeGC() when it is not NULL.
    - CVE-2022-47024
  * SECURITY UPDATE: invalid memory access with bad 'statusline' value
    - debian/patches/CVE-2023-0049.patch: avoid going over the NULL at the end
      of a statusline.
    - CVE-2023-0049
  * SECURITY UPDATE: invalid memory access with recursive substitute
    expression
    - debian/patches/CVE-2023-0054.patch: check the return value of
      vim_regsub().
    - CVE-2023-0054
  * SECURITY UPDATE: invalid memory access with folding and using "L"
    - debian/patches/CVE-2023-0288.patch: prevent the cursor from moving to
      line zero.
    - CVE-2023-0288
  * SECURITY UPDATE: reading past the end of a line when formatting text
    - debian/patches/CVE-2023-0433.patch: check for not going over the end of
      the line.
    - CVE-2023-0433
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2023-1170.patch: accessing invalid memory with put
      in Visual block mode
    - CVE-2023-1170
  * SECURITY UPDATE: incorrect calculation of buffer size
    - debian/patches/CVE-2023-1175.patch: illegal memory access when using
      virtual editing
    - CVE-2023-1175

 -- Nishit Majithia <email address hidden> Fri, 17 Mar 2023 10:54:33 +0530

CVE-2022-47024 A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to
CVE-2023-0049 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
CVE-2023-0054 Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
CVE-2023-0288 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
CVE-2023-0433 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
CVE-2023-1170 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.
CVE-2023-1175 Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.

Version: 2:8.0.1453-1ubuntu1.10 2023-01-12 21:07:26 UTC

  vim (2:8.0.1453-1ubuntu1.10) bionic-security; urgency=medium

  * SECURITY UPDATE: illegal memory access with bracketed paste in Ex mode
    - debian/patches/CVE-2022-0392.patch: reserve space for the trailing NUL
    - CVE-2022-0392

 -- Mark Esler <email address hidden> Wed, 11 Jan 2023 17:53:52 -0600

CVE-2022-0392 Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.

Version: 2:8.0.1453-1ubuntu1.9 2022-09-15 19:07:12 UTC

  vim (2:8.0.1453-1ubuntu1.9) bionic-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow in spelling suggestion
    function
    - debian/patches/CVE-2022-0943.patch: adjust "badlen".
    - CVE-2022-0943
  * SECURITY UPDATE: use-after-free when processing regular expressions in old
    engine
    - debian/patches/CVE-2022-1154.patch: after getting mark get the line
      again.
    - CVE-2022-1154
  * SECURITY UPDATE: buffer overflow when using invalid command with composing
    chars
    - debian/patches/CVE-2022-1616.patch: check that the whole character fits
      in the buffer.
    - CVE-2022-1616
  * SECURITY UPDATE: heap buffer overflow when processing CTRL-W in latin1
    encoding
    - debian/patches/CVE-2022-1619.patch: check already being at the start of
      the command line.
    - CVE-2022-1619
  * SECURITY UPDATE: NULL pointer access when using invalid pattern
    - debian/patches/CVE-2022-1620.patch: check for failed regexp program.
    - CVE-2022-1620
  * SECURITY UPDATE: heap buffer overflow when processing invalid character
    added to word list
    - debian/patches/CVE-2022-1621.patch: check for a valid word string.
    - debian/patches/remove_test_spell_single_word.patch: removal of test
      test_spell_single_word from src/testdir/test_spell.vim
    - CVE-2022-1621

 -- Nishit Majithia <email address hidden> Tue, 13 Sep 2022 20:37:18 +0530

CVE-2022-0943 Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
CVE-2022-1154 Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
CVE-2022-1616 Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protectio
CVE-2022-1619 Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashi
CVE-2022-1620 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in
CVE-2022-1621 Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Byp
