UbuntuUpdates.org

Package "vim-runtime"

Name: vim-runtime

Description:

Vi IMproved - Runtime files

Latest version: 2:8.1.2269-1ubuntu5.25
Release: focal (20.04)
Level: security
Repository: main
Head package: vim
Homepage: https://www.vim.org/

Links


Download "vim-runtime"


Other versions of "vim-runtime" in Focal

Repository Area Version
base main 2:8.1.2269-1ubuntu5
updates main 2:8.1.2269-1ubuntu5.26

Changelog

Version: 2:8.1.2269-1ubuntu5.18 2023-10-09 07:08:14 UTC

  vim (2:8.1.2269-1ubuntu5.18) focal-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-3234.patch: Check for replacing NUL after Tab.
    - debian/patches/CVE-2022-3520.patch: Check that the column does not
      become negative.
    - CVE-2022-3234
    - CVE-2022-3520
  * SECURITY UPDATE: use after free memory issue
    - debian/patches/CVE-2022-3256.patch: Copy the mark before editing
      another buffer
    - debian/patches/CVE-2022-3352.patch: Disallow deleting the current
      buffer to avoid using freed memory
    - debian/patches/CVE-2022-3591.patch: Disallow navigating to a dummy
      buffer
    - debian/patches/CVE-2022-3705.patch: Set the quickfix-busy flag while
      filling the buffer
    - debian/patches/CVE-2022-4292.patch: Bail out if the window no longer
      exists.
    - CVE-2022-3256
    - CVE-2022-3352
    - CVE-2022-3591
    - CVE-2022-3705
    - CVE-2022-4292
  * SECURITY UPDATE: stack-based buffer overflow
    - debian/patches/CVE-2022-3324.patch: Make sure the window width does
      not become negative
    - CVE-2022-3324
  * SECURITY UPDATE: incorrect floating point comparison
    - debian/patches/CVE-2022-4293.patch: fix floating point comparison
    - CVE-2022-4293
  * debian/patches/fix_flaky_tests.patch: skip failing test

 -- Nishit Majithia <email address hidden> Fri, 06 Oct 2023 13:50:32 +0530

Source diff to previous version
CVE-2022-3234 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
CVE-2022-3520 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.
CVE-2022-3256 Use After Free in GitHub repository vim/vim prior to 9.0.0530.
CVE-2022-3352 Use After Free in GitHub repository vim/vim prior to 9.0.0614.
CVE-2022-3591 Use After Free in GitHub repository vim/vim prior to 9.0.0789.
CVE-2022-3705 A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the
CVE-2022-4292 Use After Free in GitHub repository vim/vim prior to 9.0.0882.
CVE-2022-3324 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
CVE-2022-4293 Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.

Version: 2:8.1.2269-1ubuntu5.17 2023-08-21 08:06:59 UTC

  vim (2:8.1.2269-1ubuntu5.17) focal-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write issue
    - debian/patches/CVE-2022-2598.patch: Make sure the line number does
      not go below one.
    - CVE-2022-2598
  * SECURITY UPDATE: use after free memory issue
    - debian/patches/CVE-2022-3016.patch: Return QF_ABORT and handle it.
    - debian/patches/CVE-2022-3037.patch: Do not handle errors if there
      aren't any
    - debian/patches/CVE-2022-3099.patch: Do not check breakpoint for
      non-existing line
    - CVE-2022-3016
    - CVE-2022-3037
    - CVE-2022-3099

 -- Nishit Majithia <email address hidden> Fri, 18 Aug 2023 09:11:54 +0530

Source diff to previous version
CVE-2022-3016 Use After Free in GitHub repository vim/vim prior to 9.0.0286.
CVE-2022-3037 Use After Free in GitHub repository vim/vim prior to 9.0.0322.
CVE-2022-3099 Use After Free in GitHub repository vim/vim prior to 9.0.0360.

Version: 2:8.1.2269-1ubuntu5.16 2023-08-03 16:07:07 UTC

  vim (2:8.1.2269-1ubuntu5.16) focal-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-2264.patch: Adjust the end mark position.
    - debian/patches/CVE-2022-2284.patch: Stop Visual mode when closing a
      window.
    - CVE-2022-2264
    - CVE-2022-2284
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2022-2208.patch: Recompute diffs later. Skip
      window without a valid buffer.
    - CVE-2022-2208
  * SECURITY UPDATE: out-of-bounds write issue
    - debian/patches/CVE-2022-2210.patch: Use zero offset when change
      removes all lines in a diff block
    - CVE-2022-2210
  * SECURITY UPDATE: out-of-bounds read issue
    - debian/patches/CVE-2022-2257.patch: Check for NUL.
    - debian/patches/CVE-2022-2286.patch: Check the length of the string
    - debian/patches/CVE-2022-2287.patch: Disallow adding a word with
      control characters or a trailing slash.
    - CVE-2022-2257
    - CVE-2022-2286
    - CVE-2022-2287
  * SECURITY UPDATE: integer overflow issue
    - debian/patches/CVE-2022-2285.patch: Put a NUL after the typeahead.
    - CVE-2022-2285
  * SECURITY UPDATE: use after free memory issue
    - debian/patches/CVE-2022-2289.patch: Bail out when diff pointer is no
      longer valid
    - CVE-2022-2289
  * debian/patches/update_flaky_tests.patch: add few tests to flaky

 -- Nishit Majithia <email address hidden> Tue, 01 Aug 2023 14:00:18 +0530

Source diff to previous version
CVE-2022-2264 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2284 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2208 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
CVE-2022-2210 Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-2257 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2286 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2287 Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
CVE-2022-2285 Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
CVE-2022-2289 Use After Free in GitHub repository vim/vim prior to 9.0.

Version: 2:8.1.2269-1ubuntu5.15 2023-06-12 13:07:07 UTC

  vim (2:8.1.2269-1ubuntu5.15) focal-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference when processing register content
    - debian/patches/CVE-2023-2609.patch: check "y_array" is not NULL.
    - CVE-2023-2609
  * SECURITY UPDATE: integer overflow and excessive memory consumption when
    allocating memory for tilde processing in pattern
    - debian/patches/CVE-2023-2610.patch: limit the text length to MAXCOL.
    - CVE-2023-2610

 -- Camila Camargo de Matos <email address hidden> Wed, 24 May 2023 11:28:35 -0300

Source diff to previous version
CVE-2023-2609 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.
CVE-2023-2610 Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.

Version: 2:8.1.2269-1ubuntu5.14 2023-04-19 11:32:32 UTC

  vim (2:8.1.2269-1ubuntu5.14) focal-security; urgency=medium

  * SECURITY UPDATE: out-of-bound read vulnerability
    - debian/patches/CVE-2021-4166.patch: crash when clearing the argument
      list while using it
    - CVE-2021-4166
  * SECURITY UPDATE: use-after-free when matching inside a visual selection
    - debian/patches/CVE-2021-4192.patch: get the line again after getvvcol().
    - CVE-2021-4192
  * SECURITY UPDATE: out-of-bounds read when processing data in visual mode
    - debian/patches/CVE-2021-4193.patch: check for valid column in getvcol().
    - CVE-2021-4193
  * SECURITY UPDATE: heap buffer overflow when processing long file names
    - debian/patches/CVE-2022-0213.patch: check length when appending a space.
    - CVE-2022-0213
  * SECURITY UPDATE: heap-based buffer overflow when performing a block insert
    - debian/patches/CVE-2022-0261.patch: handle invalid byte better. Fix
      inserting the wrong text.
    - debian/patches/CVE-2022-0318-1.patch: for block insert only use the
      offset for correcting the length.
    - debian/patches/CVE-2022-0318-2.patch: adjust the expected output for
      utf8 block insert test.
    - CVE-2022-0261
    - CVE-2022-0318
  * SECURITY UPDATE: out-of-bounds read when exchanging windows in visual mode
    - debian/patches/CVE-2022-0319.patch: correct end of Visual area when
      entering another buffer.
    - CVE-2022-0319
  * SECURITY UPDATE: stack pointer corruption when parsing too many brackets
    in expression
    - debian/patches/CVE-2022-0351.patch: limit recursion to 1000.
    - CVE-2022-0351
  * SECURITY UPDATE: illegal memory access when processing large indent in ex
    mode
    - debian/patches/CVE-2022-0359.patch: allocate enough memory.
    - CVE-2022-0359
  * SECURITY UPDATE: illegal memory access when copying lines in visual mode
    - debian/patches/CVE-2022-0361.patch: adjust the Visual position after
      copying lines.
    - CVE-2022-0361
  * SECURITY UPDATE: illegal memory access when undo makes visual area invalid
    in visual mode
    - debian/patches/CVE-2022-0368.patch: correct the Visual area after undo.
    - CVE-2022-0368
  * SECURITY UPDATE: stack corruption when looking for spelling suggestions
    - debian/patches/CVE-2022-0408.patch: prevent the depth increased too
      much. Add a five second time limit to finding suggestions.
    - CVE-2022-0408
  * SECURITY UPDATE: use of freed memory when managing buffers
    - debian/patches/CVE-2022-0443.patch: do not use wiped out buffer.
    - CVE-2022-0443
  * SECURITY UPDATE: heap buffer overflow when processing vim buffers
    - debian/patches/CVE-2022-0554.patch: when deleting the current buffer to
      not pick a quickfix buffer as the new current buffer.
    - CVE-2022-0554
  * SECURITY UPDATE: heap buffer overflow when repeatedly using :retab
    - debian/patches/CVE-2022-0572.patch: bail out when the line is getting
      too long.
    - CVE-2022-0572
  * SECURITY UPDATE: stack buffer overflow vulnerability
    - debian/patches/CVE-2022-0629.patch: crash when using many composing
      characters in error message
    - CVE-2022-0629
  * SECURITY UPDATE: out-of-range pointer offset when using special multi-byte
    character
    - debian/patches/CVE-2022-0685.patch: don't use isalpha() for an arbitrary
      character.
    - CVE-2022-0685
  * SECURITY UPDATE: heap buffer overflow when processing anomalous
    'vartabstop' value
    - debian/patches/CVE-2022-0714.patch: check for running into the end of
      the line.
    - CVE-2022-0714
  * SECURITY UPDATE: out-of-range pointer offset when processing specific
    regexp pattern and string
    - debian/patches/CVE-2022-0729.patch: stop at the start of the string.
    - CVE-2022-0729
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-2207.patch: adds a check to see if the cursor
      column is great than zero.
    - CVE-2022-2207

 -- Nishit Majithia <email address hidden> Tue, 18 Apr 2023 15:50:44 +0530

CVE-2021-4166 vim is vulnerable to Out-of-bounds Read
CVE-2021-4192 vim is vulnerable to Use After Free
CVE-2021-4193 vim is vulnerable to Out-of-bounds Read
CVE-2022-0213 vim is vulnerable to Heap-based Buffer Overflow
CVE-2022-0261 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0318 Heap-based Buffer Overflow in vim/vim prior to 8.2.
CVE-2022-0319 Out-of-bounds Read in vim/vim prior to 8.2.
CVE-2022-0351 Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
CVE-2022-0359 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0361 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0368 Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0408 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0443 Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-0554 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.
CVE-2022-0572 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0629 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-0685 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
CVE-2022-0714 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
CVE-2022-0729 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
CVE-2022-2207 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.



About   -   Send Feedback to @ubuntu_updates