UbuntuUpdates.org

Package "vim-runtime"

Name: vim-runtime

Description:

Vi IMproved - Runtime files
Latest version: 2:8.1.2269-1ubuntu5.29
Release: focal (20.04)
Level: security
Repository: main
Head package: vim
Homepage: https://www.vim.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "vim-runtime"

All arch deb package
APT INSTALL

Other versions of "vim-runtime" in Focal

Repository Area Version
base main 2:8.1.2269-1ubuntu5
updates main 2:8.1.2269-1ubuntu5.29

Changelog

Version: 2:8.1.2269-1ubuntu5.29 2024-11-27 18:06:55 UTC

  vim (2:8.1.2269-1ubuntu5.29) focal-security; urgency=medium

  * SECURITY UPDATE: Use after free when closing a buffer.
    - debian/patches/CVE-2024-47814.patch: Add buf_locked() in src/buffer.c.
      Abort autocommands editing a file when buf_locked() in src/ex_cmds.c.
      Add buf_locked() in src/proto/buffer.pro.
    - CVE-2024-47814
  * debian/patches/skip-flaky-tests.patch: Skip failing tests.

 -- Hlib Korzhynskyy <email address hidden> Thu, 21 Nov 2024 14:42:44 -0330
Source diff to previous version
CVE-2024-47814 Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLe

Version: 2:8.1.2269-1ubuntu5.25 2024-10-01 06:06:52 UTC

  vim (2:8.1.2269-1ubuntu5.25) focal-security; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2024-43802.patch: check buflen before advancing
      offset.
    - CVE-2024-43802

 -- Vyom Yadav <email address hidden> Wed, 25 Sep 2024 10:48:33 +0530
Source diff to previous version
CVE-2024-43802 Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but

Version: 2:8.1.2269-1ubuntu5.24 2024-09-05 04:07:03 UTC

  vim (2:8.1.2269-1ubuntu5.24) focal-security; urgency=medium

  * SECURITY UPDATE: use after free
    - debian/patches/CVE-2024-41957.patch: set tagname to NULL
      after being freed
    - CVE-2024-41957
  * SECURITY UPDATE: use after free
    - debian/patches/CVE-2024-43374.patch: add lock to keep
      reference valid
    - CVE-2024-43374

 -- Bruce Cable <email address hidden> Wed, 04 Sep 2024 13:11:27 +1000
Source diff to previous version
CVE-2024-41957 Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack
CVE-2024-43374 The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this

Version: 2:8.1.2269-1ubuntu5.22 2024-03-18 18:06:54 UTC

  vim (2:8.1.2269-1ubuntu5.22) focal-security; urgency=medium

  * SECURITY UPDATE: stack based buffer overflow
    - debian/patches/CVE-2024-22667.patch: passes error buffer length down
      through option callback functions.
    - CVE-2024-22667

 -- Ian Constantin <email address hidden> Thu, 14 Mar 2024 11:29:25 +0200
Source diff to previous version
CVE-2024-22667 Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down

Version: 2:8.1.2269-1ubuntu5.21 2023-12-14 17:07:01 UTC

  vim (2:8.1.2269-1ubuntu5.21) focal-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2022-1725.patch: Check for regexp program becoming NULL
      in more places.
    - CVE-2022-1725
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2022-1771.patch: Limit recursion of getcmdline().
    - CVE-2022-1771
  * SECURITY UPDATE: out of bounds write vulnerability
    - debian/patches/CVE-2022-1897.patch: Disallow undo when in a substitute
      command.
    - CVE-2022-1897
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2022-2000.patch: addresses the potential for an
      overflow by adding a bounds check and truncating the message if needed.
    - CVE-2022-2000
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-46246.patch: Check that the return value from the
      vim_str2nr() function is not larger than INT_MAX and if yes, bail out with
      an error.
    - CVE-2023-46246
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-48231.patch: If the current window structure is
      no longer valid, fail and return before attempting to set win->w_closing
      variable.
    - CVE-2023-48231
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48233.patch: If the count after the :s command is
      larger than what fits into a (signed) long variable, abort with
      e_value_too_large.
    - CVE-2023-48233
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48234.patch: When getting the count for a normal z
      command, it may overflow for large counts given. So verify, that we can
      safely store the result in a long.
    - CVE-2023-48234
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48235.patch: When parsing relative ex addresses
      one may unintentionally cause an overflow (because LONG_MAX - lnum will
      overflow for negative addresses).
    - CVE-2023-48235
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48236.patch: When using the z= command, we may
      overflow the count with values larger than MAX_INT. So verify that we do
      not overflow and in case when an overflow is detected, simply return 0.
    - CVE-2023-48236
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48237.patch: When shifting lines in operator
      pending mode and using a very large value, we may overflow the size of
      integer. Fix this by using a long variable, testing if the result would
      be larger than INT_MAX and if so, indent by INT_MAX value.
    - CVE-2023-48237

 -- Fabian Toepfer <email address hidden> Thu, 07 Dec 2023 16:42:49 +0100
CVE-2022-1725 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
CVE-2022-1771 Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.
CVE-2022-1897 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-2000 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2023-46246 Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `sr
CVE-2023-48231 Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond cras
CVE-2023-48233 Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with
CVE-2023-48234 Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is
CVE-2023-48235 Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens
CVE-2023-48236 Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is
CVE-2023-48237 Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it ma


About   -   Send Feedback to @ubuntu_updates