UbuntuUpdates.org

Package "vim-motif"

Name: vim-motif

Description:

Vi IMproved - enhanced vi editor - with Motif GUI

Latest version: 2:9.1.0016-1ubuntu7.11
Release: noble (24.04)
Level: security
Repository: universe
Head package: vim
Homepage: https://www.vim.org/

Other versions of "vim-motif" in Noble

Repository   Area       Version
base         universe   2:9.1.0016-1ubuntu7
updates      universe   2:9.1.0016-1ubuntu7.11

Changelog

Version: 2:9.1.0016-1ubuntu7.11 2026-04-13 22:08:26 UTC

  vim (2:9.1.0016-1ubuntu7.11) noble-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference in the NFA regex engine.
    - debian/patches/CVE-2026-32249.patch: Add range_endpoint and if checks
      in src/regexp_nfa.c. Add tests in src/testdir/test_regexp_utf8.vim.
    - CVE-2026-32249
  * SECURITY UPDATE: Command injection in glob.
    - debian/patches/CVE-2026-33412.patch: Add newline to SHELL_SPECIAL in
      src/os_unix.c.
    - CVE-2026-33412
  * SECURITY UPDATE: Security bypass in modeline.
    - debian/patches/CVE-2026-34982.patch: Disallow modeset while in secure
      mode in src/map.c and src/optiondefs.h.
    - CVE-2026-34982

 -- Kyle Kernick <email address hidden> Mon, 06 Apr 2026 13:30:21 -0600

CVE-2026-32249 Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containin
CVE-2026-33412 Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix
CVE-2026-34982 Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution wh

Version: 2:9.1.0016-1ubuntu7.10 2026-03-17 04:09:48 UTC

  vim (2:9.1.0016-1ubuntu7.10) noble-security; urgency=medium

  * SECURITY UPDATE: Buffer Overflow
    - debian/patches/CVE-2026-26269.patch: Limit writing to max KEYBUFLEN
      bytes to prevent writing out of bounds.
    - debian/patches/CVE-2026-28420.patch: Use VTERM_MAX_CHARS_PER_CELL * 4
      for ga_grow() to ensure sufficient space. Add a boundary check to the
      character loop to prevent index out-of-bounds access.
    - debian/patches/CVE-2026-28422.patch: Update the size check to account
      for the byte length of the fill character (using MB_CHAR2LEN).
    - debian/patches/CVE-2026-25749.patch: Limit strncpy to the length
      of the buffer (MAXPATHL)
    - CVE-2026-26269
    - CVE-2026-28420
    - CVE-2026-28422
    - CVE-2026-25749
  * SECURITY UPDATE: Command Injection
    - debian/patches/CVE-2026-28417.patch: Implement stricter RFC1123
      hostname and IP validation. Use shellescape() for the provided
      hostname and port.
    - CVE-2026-28417
  * SECURITY UPDATE: Out of Bounds Read
    - debian/patches/CVE-2026-28418.patch: Check for end of buffer
      and return early.
    - CVE-2026-28418
  * SECURITY UPDATE: Buffer Underflow
    - debian/patches/CVE-2026-28419.patch: Add a check to ensure the
      delimiter (p_7f) is not at the start of the buffer (lbuf) before
      attempting to isolate the tag name.
    - CVE-2026-28419
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2026-28421.patch: Add bounds checks on
      pe_page_count and pe_bnum against mf_blocknr_max before descending
      into the block tree, and validate pe_old_lnum >= 1 and
      pe_line_count > 0 before calling readfile().
    - CVE-2026-28421

 -- Bruce Cable <email address hidden> Tue, 10 Mar 2026 20:13:01 +1100

CVE-2026-26269 Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when p
CVE-2026-28420 Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim
CVE-2026-28422 Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a s
CVE-2026-25749 Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution
CVE-2026-28417 Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plug
CVE-2026-28418 Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-sty
CVE-2026-28419 Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsi
CVE-2026-28421 Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim'

Version: 2:9.1.0016-1ubuntu7.9 2025-09-15 19:08:17 UTC

  vim (2:9.1.0016-1ubuntu7.9) noble-security; urgency=medium

  * SECURITY UPDATE: Path traversal when opening specially crafted tar/zip
    archives.
    - debian/patches/CVE-2025-53905.patch: remove leading slashes from name,
      replace tar_secure with g:tar_secure in runtime/autoload/tar.vim.
    - debian/patches/CVE-2025-53906.patch: Add need_rename, replace w! with w,
      call warning for path traversal attack, and escape leading "../" in
      runtime/autoload/zip.vim.
    - CVE-2025-53905
    - CVE-2025-53906

 -- Hlib Korzhynskyy <email address hidden> Fri, 05 Sep 2025 17:14:46 -0230

CVE-2025-53905 Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of a
CVE-2025-53906 Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of a

Version: 2:9.1.0016-1ubuntu7.8 2025-04-08 00:07:06 UTC

  vim (2:9.1.0016-1ubuntu7.8) noble-security; urgency=medium

  * SECURITY UPDATE: Crash when file is inaccessible with log option.
    - debian/patches/CVE-2025-1215.patch: Split common_init to common_init_1
      and common_init_2 in ./src/main.c
    - CVE-2025-1215
  * SECURITY UPDATE: Use after free when redirecting display command to
    register.
    - debian/patches/CVE-2025-26603.patch: Change redir_reg check to use
      vim_strchr command check in ./src/register.c.
    - CVE-2025-26603

 -- Hlib Korzhynskyy <email address hidden> Tue, 01 Apr 2025 17:42:31 -0230

CVE-2025-1215 A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipu
CVE-2025-26603 Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, v

Version: 2:9.1.0016-1ubuntu7.7 2025-04-01 20:07:12 UTC

  vim (2:9.1.0016-1ubuntu7.7) noble-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()
      in files src/gui.c, src/testdir/crash/ex_redraw_crash,
      src/testdir/test_crash.vim.
    - CVE-2025-24014

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 03 Feb 2025 08:25:28 -0300

CVE-2025-24014 Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically does
