Package "vim-gtk"
Name: |
vim-gtk
|
Description: |
Vi IMproved - enhanced vi editor (dummy package)
|
Latest version: |
2:8.2.3995-1ubuntu2.21 |
Release: |
jammy (22.04) |
Level: |
security |
Repository: |
universe |
Head package: |
vim |
Homepage: |
https://www.vim.org/ |
Links
Download "vim-gtk"
Other versions of "vim-gtk" in Jammy
Changelog
vim (2:8.2.3995-1ubuntu2.21) jammy-security; urgency=medium
* SECURITY UPDATE: Use after free when closing a buffer.
- debian/patches/CVE-2024-47814.patch: Add buf_locked() in src/buffer.c.
Abort autocommands editing a file when buf_locked() in src/ex_cmds.c.
Add buf_locked() in src/proto/buffer.pro.
- CVE-2024-47814
-- Hlib Korzhynskyy <email address hidden> Thu, 07 Nov 2024 09:47:21 -0330
|
Source diff to previous version |
CVE-2024-47814 |
Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLe |
|
vim (2:8.2.3995-1ubuntu2.19) jammy-security; urgency=medium
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2024-43802.patch: check buflen before advancing
offset.
- CVE-2024-43802
-- Vyom Yadav <email address hidden> Wed, 25 Sep 2024 11:00:01 +0530
|
Source diff to previous version |
CVE-2024-43802 |
Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but |
|
vim (2:8.2.3995-1ubuntu2.18) jammy-security; urgency=medium
* SECURITY UPDATE: use after free
- debian/patches/CVE-2024-41957.patch: set tagname to NULL
after being freed
- CVE-2024-41957
* SECURITY UPDATE: use after free
- debian/patches/CVE-2024-43374.patch: add lock to keep
reference valid
- CVE-2024-43374
-- Bruce Cable <email address hidden> Tue, 27 Aug 2024 15:34:22 +1000
|
Source diff to previous version |
CVE-2024-41957 |
Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack |
CVE-2024-43374 |
The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this |
|
vim (2:8.2.3995-1ubuntu2.16) jammy-security; urgency=medium
* SECURITY UPDATE: stack based buffer overflow
- debian/patches/CVE-2024-22667.patch: passes error buffer length down
through option callback functions.
- debian/patches/remove-flaky-matchfuzzy-test.patch: removing flaky test
initially introduced in d/p/CVE-2023-2426.patch due to long run time
causing the test and builds to fail.
- CVE-2024-22667
-- Ian Constantin <email address hidden> Thu, 14 Mar 2024 11:05:11 +0200
|
Source diff to previous version |
CVE-2024-22667 |
Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down |
CVE-2023-2426 |
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. |
|
vim (2:8.2.3995-1ubuntu2.15) jammy-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2022-1725.patch: Check for regexp program becoming NULL
in more places.
- CVE-2022-1725
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2022-1771.patch: Limit recursion of getcmdline().
- CVE-2022-1771
* SECURITY UPDATE: heap based buffer overflow vulnerability
- debian/patches/CVE-2022-1886.patch: Check the length is more than zero.
- CVE-2022-1886
* SECURITY UPDATE: out of bounds write vulnerability
- debian/patches/CVE-2022-1897.patch: Disallow undo when in a substitute
command.
- CVE-2022-1897
* SECURITY UPDATE: out-of-bounds write
- debian/patches/CVE-2022-2000.patch: addresses the potential for an
overflow by adding a bounds check and truncating the message if needed.
- CVE-2022-2000
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2022-2042.patch: Initialize "attr". Check for empty
line early.
- CVE-2022-2042
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-46246.patch: Check that the return value from the
vim_str2nr() function is not larger than INT_MAX and if yes, bail out with
an error.
- CVE-2023-46246
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-48231.patch: If the current window structure is
no longer valid, fail and return before attempting to set win->w_closing
variable.
- CVE-2023-48231
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48233.patch: If the count after the :s command is
larger than what fits into a (signed) long variable, abort with
e_value_too_large.
- CVE-2023-48233
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48234.patch: When getting the count for a normal z
command, it may overflow for large counts given. So verify, that we can
safely store the result in a long.
- CVE-2023-48234
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48235.patch: When parsing relative ex addresses
one may unintentionally cause an overflow (because LONG_MAX - lnum will
overflow for negative addresses).
- CVE-2023-48235
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48236.patch: When using the z= command, we may
overflow the count with values larger than MAX_INT. So verify that we do
not overflow and in case when an overflow is detected, simply return 0.
- CVE-2023-48236
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48237.patch: When shifting lines in operator
pending mode and using a very large value, we may overflow the size of
integer. Fix this by using a long variable, testing if the result would
be larger than INT_MAX and if so, indent by INT_MAX value.
- CVE-2023-48237
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-48706.patch: ensure that the sub var always using
allocated memory.
- CVE-2023-48706
-- Fabian Toepfer <email address hidden> Tue, 05 Dec 2023 18:58:57 +0100
|
CVE-2022-1725 |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. |
CVE-2022-1771 |
Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. |
CVE-2022-1886 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
CVE-2022-1897 |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. |
CVE-2022-2000 |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. |
CVE-2022-2042 |
Use After Free in GitHub repository vim/vim prior to 8.2. |
CVE-2023-46246 |
Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `sr |
CVE-2023-48231 |
Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond cras |
CVE-2023-48233 |
Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with |
CVE-2023-48234 |
Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is |
CVE-2023-48235 |
Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens |
CVE-2023-48236 |
Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is |
CVE-2023-48237 |
Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it ma |
CVE-2023-48706 |
Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time |
|
About
-
Send Feedback to @ubuntu_updates