UbuntuUpdates.org

Package "vim"

Name: vim

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Vi IMproved - enhanced vi editor - with Athena GUI
  • Vi IMproved - enhanced vi editor (dummy package)
  • Vi IMproved - enhanced vi editor - with GTK3 GUI
  • Vi IMproved - Common GUI files

Latest version: 2:8.1.2269-1ubuntu5.3
Release: focal (20.04)
Level: updates
Repository: universe

Links



Other versions of "vim" in Focal

Repository Area Version
base main 2:8.1.2269-1ubuntu5
base universe 2:8.1.2269-1ubuntu5
security main 2:8.1.2269-1ubuntu5.3
security universe 2:8.1.2269-1ubuntu5.3
updates main 2:8.1.2269-1ubuntu5.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2:8.1.2269-1ubuntu5.3 2021-09-28 12:06:24 UTC

  vim (2:8.1.2269-1ubuntu5.3) focal-security; urgency=medium

  * SECURITY UPDATE: Fix heap-based buffer overflow when using :retab with
    large value
    - debian/patches/CVE-2021-3770-1.patch: Check vartabstop contains positive
      number in src/indent.c.
    - debian/patches/CVE-2021-3770-2.patch: Fix memory leak for :retab with
      invalid argument
    - CVE-2021-3770
  * SECURITY UPDATE: Fix heap-based buffer overflow when reading beyond end of
    line with invalid utf-8 character
    - debian/patches/CVE-2021-3778.patch: Validate encoding of character before
      advancing line in regexp_nfa.c.
    - CVE-2021-3778
  * SECURITY UPDATE: Fix use after free when replacing
    - debian/patches/CVE-2021-3796.patch: Get the line pointer after calling
      ins_copychar() in src/normal.c.
    - CVE-2021-3796
  * Fix failing flaky test for riscv64 builds.

 -- Spyros Seimenis <email address hidden> Mon, 20 Sep 2021 14:42:42 +0300

CVE-2021-3770 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3778 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-3796 vim is vulnerable to Use After Free



About   -   Send Feedback to @ubuntu_updates