UbuntuUpdates.org

Package "vim"

Name: vim

Description:

Vi IMproved - enhanced vi editor

Latest version: 2:9.1.0016-1ubuntu7.8
Release: noble (24.04)
Level: security
Repository: main
Homepage: https://www.vim.org/

Other versions of "vim" in Noble

Repository  Area      Version
base        universe  2:9.1.0016-1ubuntu7
base        main      2:9.1.0016-1ubuntu7
security    universe  2:9.1.0016-1ubuntu7.8
updates     main      2:9.1.0016-1ubuntu7.8
updates     universe  2:9.1.0016-1ubuntu7.8

Changelog

Version: 2:9.1.0016-1ubuntu7.8 2025-04-07 17:07:12 UTC

  vim (2:9.1.0016-1ubuntu7.8) noble-security; urgency=medium

  * SECURITY UPDATE: Crash when file is inaccessible with log option.
    - debian/patches/CVE-2025-1215.patch: Split common_init to common_init_1
      and common_init_2 in ./src/main.c
    - CVE-2025-1215
  * SECURITY UPDATE: Use after free when redirecting display command to
    register.
    - debian/patches/CVE-2025-26603.patch: Change redir_reg check to use
      vim_strchr command check in ./src/register.c.
    - CVE-2025-26603

 -- Hlib Korzhynskyy <email address hidden> Tue, 01 Apr 2025 17:42:31 -0230

CVE-2025-1215 A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipu
CVE-2025-26603 Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, v

Version: 2:9.1.0016-1ubuntu7.7 2025-04-01 20:07:11 UTC

  vim (2:9.1.0016-1ubuntu7.7) noble-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()
      in files src/gui.c, src/testdir/crash/ex_redraw_crash,
      src/testdir/test_crash.vim.
    - CVE-2025-24014

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 03 Feb 2025 08:25:28 -0300

CVE-2025-24014 Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically does

Version: 2:9.1.0016-1ubuntu7.6 2025-01-21 18:07:01 UTC

  vim (2:9.1.0016-1ubuntu7.6) noble-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer-overflow when switching buffers.
    - debian/patches/CVE-2025-22134.patch: Add reset_VIsual_and_resel() to
      src/arglist.c. Add ptrlen checks in src/misc1.c and src/ops.c.
    - CVE-2025-22134

 -- Hlib Korzhynskyy <email address hidden> Thu, 16 Jan 2025 16:43:18 -0330

CVE-2025-22134 When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does no

Version: 2:9.1.0016-1ubuntu7.5 2024-11-27 18:06:57 UTC

  vim (2:9.1.0016-1ubuntu7.5) noble-security; urgency=medium

  * SECURITY UPDATE: Use after free when closing a buffer.
    - debian/patches/CVE-2024-47814.patch: Add buf_locked() in src/buffer.c.
      Abort autocommands editing a file when buf_locked() in src/ex_cmds.c.
      Add buf_locked() in src/proto/buffer.pro.
    - CVE-2024-47814

 -- Hlib Korzhynskyy <email address hidden> Wed, 06 Nov 2024 15:34:03 -0330

CVE-2024-47814 Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLe

Version: 2:9.1.0016-1ubuntu7.3 2024-10-01 06:06:56 UTC

  vim (2:9.1.0016-1ubuntu7.3) noble-security; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2024-43802.patch: check buflen before advancing
      offset. Add src/testdir/crash/heap_overflow3 to include-binaries.
    - CVE-2024-43802

 -- Vyom Yadav <email address hidden> Wed, 25 Sep 2024 15:43:04 +0530

CVE-2024-43802 Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but


