Package "vim"

  vim (2:9.1.0016-1ubuntu7.6) noble-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer-overflow when switching buffers.
    - debian/patches/CVE-2025-22134.patch: Add reset_VIsual_and_resel() to
      src/arglist.c. Add ptrlen checks in src/misc1.c and src/ops.c.
    - CVE-2025-22134

 -- Hlib Korzhynskyy <email address hidden> Thu, 16 Jan 2025 16:43:18 -0330

  vim (2:9.1.0016-1ubuntu7.5) noble-security; urgency=medium

  * SECURITY UPDATE: Use after free when closing a buffer.
    - debian/patches/CVE-2024-47814.patch: Add buf_locked() in src/buffer.c.
      Abort autocommands editing a file when buf_locked() in src/ex_cmds.c.
      Add buf_locked() in src/proto/buffer.pro.
    - CVE-2024-47814

 -- Hlib Korzhynskyy <email address hidden> Wed, 06 Nov 2024 15:34:03 -0330

  vim (2:9.1.0016-1ubuntu7.4) noble; urgency=medium

  * Ensure Ubuntu codenames are current (LP: #2084706).

 -- Simon Quigley <email address hidden> Wed, 16 Oct 2024 13:05:40 -0500

  vim (2:9.1.0016-1ubuntu7.3) noble-security; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2024-43802.patch: check buflen before advancing
      offset. Add src/testdir/crash/heap_overflow3 to include-binaries.
    - CVE-2024-43802

 -- Vyom Yadav <email address hidden> Wed, 25 Sep 2024 15:43:04 +0530

  vim (2:9.1.0016-1ubuntu7.2) noble-security; urgency=medium

  * SECURITY UPDATE: use after free
    - debian/patches/CVE-2024-41957.patch: set tagname to NULL
      after being freed
    - CVE-2024-41957
  * SECURITY UPDATE: use after free
    - debian/patches/CVE-2024-43374.patch: add lock to keep
      reference valid
    - CVE-2024-43374

 -- Bruce Cable <email address hidden> Tue, 27 Aug 2024 14:08:09 +1000