Package "vim-tiny"

  vim (2:8.1.2269-1ubuntu5.21) focal-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2022-1725.patch: Check for regexp program becoming NULL
      in more places.
    - CVE-2022-1725
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2022-1771.patch: Limit recursion of getcmdline().
    - CVE-2022-1771
  * SECURITY UPDATE: out of bounds write vulnerability
    - debian/patches/CVE-2022-1897.patch: Disallow undo when in a substitute
      command.
    - CVE-2022-1897
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2022-2000.patch: addresses the potential for an
      overflow by adding a bounds check and truncating the message if needed.
    - CVE-2022-2000
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-46246.patch: Check that the return value from the
      vim_str2nr() function is not larger than INT_MAX and if yes, bail out with
      an error.
    - CVE-2023-46246
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-48231.patch: If the current window structure is
      no longer valid, fail and return before attempting to set win->w_closing
      variable.
    - CVE-2023-48231
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48233.patch: If the count after the :s command is
      larger than what fits into a (signed) long variable, abort with
      e_value_too_large.
    - CVE-2023-48233
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48234.patch: When getting the count for a normal z
      command, it may overflow for large counts given. So verify, that we can
      safely store the result in a long.
    - CVE-2023-48234
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48235.patch: When parsing relative ex addresses
      one may unintentionally cause an overflow (because LONG_MAX - lnum will
      overflow for negative addresses).
    - CVE-2023-48235
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48236.patch: When using the z= command, we may
      overflow the count with values larger than MAX_INT. So verify that we do
      not overflow and in case when an overflow is detected, simply return 0.
    - CVE-2023-48236
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48237.patch: When shifting lines in operator
      pending mode and using a very large value, we may overflow the size of
      integer. Fix this by using a long variable, testing if the result would
      be larger than INT_MAX and if so, indent by INT_MAX value.
    - CVE-2023-48237

 -- Fabian Toepfer <email address hidden> Thu, 07 Dec 2023 16:42:49 +0100

  vim (2:8.1.2269-1ubuntu5.20) focal-security; urgency=medium

  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-4733.patch: Verify oldwin pointer after
      reset_VIsual() in do_ecmd.
    - CVE-2023-4733
  * SECURITY UPDATE: out of bounds write vulnerability
    - debian/patches/CVE-2023-4735.patch: Add check for buffer size to avoid
      overflow in do_addsub.
    - CVE-2023-4735
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-4750.patch: Check buffer is valid before
      accessing it.
    - CVE-2023-4750
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2023-4751.patch: Stop Visual mode when using :ball
      to avoid illegal memory access.
    - CVE-2023-4751
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-4752.patch: validate buffer before accessing it
      in ins_compl_get_exp.
    - CVE-2023-4752
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2023-4781.patch: Disallow exchanging windows when
      textlock is active in vim_regsub_both.
    - CVE-2023-4781
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2023-5344.patch: Add NULL at end of buffer in
      trunc_string.
    - CVE-2023-5344
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-5441.patch: skip gui_scroll when exmode_active
      in gui_do_scroll.
    - CVE-2023-5441
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-5535.patch: block autocommands in
      buf_contents_changed.
    - CVE-2023-5535

 -- Fabian Toepfer <email address hidden> Mon, 16 Oct 2023 20:14:13 +0200

  vim (2:8.1.2269-1ubuntu5.18) focal-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-3234.patch: Check for replacing NUL after Tab.
    - debian/patches/CVE-2022-3520.patch: Check that the column does not
      become negative.
    - CVE-2022-3234
    - CVE-2022-3520
  * SECURITY UPDATE: use after free memory issue
    - debian/patches/CVE-2022-3256.patch: Copy the mark before editing
      another buffer
    - debian/patches/CVE-2022-3352.patch: Disallow deleting the current
      buffer to avoid using freed memory
    - debian/patches/CVE-2022-3591.patch: Disallow navigating to a dummy
      buffer
    - debian/patches/CVE-2022-3705.patch: Set the quickfix-busy flag while
      filling the buffer
    - debian/patches/CVE-2022-4292.patch: Bail out if the window no longer
      exists.
    - CVE-2022-3256
    - CVE-2022-3352
    - CVE-2022-3591
    - CVE-2022-3705
    - CVE-2022-4292
  * SECURITY UPDATE: stack-based buffer overflow
    - debian/patches/CVE-2022-3324.patch: Make sure the window width does
      not become negative
    - CVE-2022-3324
  * SECURITY UPDATE: incorrect floating point comparison
    - debian/patches/CVE-2022-4293.patch: fix floating point comparison
    - CVE-2022-4293
  * debian/patches/fix_flaky_tests.patch: skip failing test

 -- Nishit Majithia <email address hidden> Fri, 06 Oct 2023 13:50:32 +0530

  vim (2:8.1.2269-1ubuntu5.17) focal-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write issue
    - debian/patches/CVE-2022-2598.patch: Make sure the line number does
      not go below one.
    - CVE-2022-2598
  * SECURITY UPDATE: use after free memory issue
    - debian/patches/CVE-2022-3016.patch: Return QF_ABORT and handle it.
    - debian/patches/CVE-2022-3037.patch: Do not handle errors if there
      aren't any
    - debian/patches/CVE-2022-3099.patch: Do not check breakpoint for
      non-existing line
    - CVE-2022-3016
    - CVE-2022-3037
    - CVE-2022-3099

 -- Nishit Majithia <email address hidden> Fri, 18 Aug 2023 09:11:54 +0530

  vim (2:8.1.2269-1ubuntu5.16) focal-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-2264.patch: Adjust the end mark position.
    - debian/patches/CVE-2022-2284.patch: Stop Visual mode when closing a
      window.
    - CVE-2022-2264
    - CVE-2022-2284
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2022-2208.patch: Recompute diffs later. Skip
      window without a valid buffer.
    - CVE-2022-2208
  * SECURITY UPDATE: out-of-bounds write issue
    - debian/patches/CVE-2022-2210.patch: Use zero offset when change
      removes all lines in a diff block
    - CVE-2022-2210
  * SECURITY UPDATE: out-of-bounds read issue
    - debian/patches/CVE-2022-2257.patch: Check for NUL.
    - debian/patches/CVE-2022-2286.patch: Check the length of the string
    - debian/patches/CVE-2022-2287.patch: Disallow adding a word with
      control characters or a trailing slash.
    - CVE-2022-2257
    - CVE-2022-2286
    - CVE-2022-2287
  * SECURITY UPDATE: integer overflow issue
    - debian/patches/CVE-2022-2285.patch: Put a NUL after the typeahead.
    - CVE-2022-2285
  * SECURITY UPDATE: use after free memory issue
    - debian/patches/CVE-2022-2289.patch: Bail out when diff pointer is no
      longer valid
    - CVE-2022-2289
  * debian/patches/update_flaky_tests.patch: add few tests to flaky

 -- Nishit Majithia <email address hidden> Tue, 01 Aug 2023 14:00:18 +0530