UbuntuUpdates.org

Package "vim"

Name: vim

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Vi IMproved - enhanced vi editor - with Athena GUI
  • Vi IMproved - enhanced vi editor - with GTK2 GUI
  • Vi IMproved - enhanced vi editor (transitional package)
  • Vi IMproved - enhanced vi editor

Latest version: 2:7.3.429-2ubuntu2.3
Release: precise (12.04)
Level: updates
Repository: universe

Other versions of "vim" in Precise

Repository  Area      Version
base        universe  2:7.3.429-2ubuntu2
base        main      2:7.3.429-2ubuntu2
security    universe  2:7.3.429-2ubuntu2.3
security    main      2:7.3.429-2ubuntu2.3
updates     main      2:7.3.429-2ubuntu2.3

Changelog

Version: 2:7.3.429-2ubuntu2.3 2021-05-03 16:06:23 UTC

  vim (2:7.3.429-2ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/upstream/patch-8.0.070*.patch: check the
      event for being out of range in src/fileio.c; do not set cmdbuff to
      NULL, make it empty in src/ex_getln.c; set w_s pointer if w_buffer
      was NULL in src/ex_cmds.c.
    - CVE-2017-11109
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/upstream/patch-8.0.0322-*.patch: check for an invalid
      length in src/spell.c.
    - CVE-2017-5953
  * SECURITY UPDATE: Integer overflow
    - debian/patches/upstream/patch-8.0.0377*.patch: check if allocated size
      is not too big in src/undo.c.
    - CVE-2017-6349
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/upstream/patch-8.0.0378*.patch: check if allocated size
      is not too big in src/undo.c.
    - CVE-2017-6350

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 18 Mar 2020 10:07:29 -0300

CVE-2017-11109 Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NO
CVE-2017-5953 vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a
CVE-2017-6349 An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tr
CVE-2017-6350 An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values f

Version: 2:7.3.429-2ubuntu2.2 2016-11-29 02:07:01 UTC

  vim (2:7.3.429-2ubuntu2.2) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary shell execution via modelines
    - debian/patches/upstream/CVE-2016-1248.patch: Only allow valid
      characters in 'filetype', 'syntax' and 'keymap'. Tests adapted
      back to vim 7.3 by James McCoy of Debian, thanks! Patch is also
      updated to add the tests to the set that are run during the build.
    - CVE-2016-1248

 -- Steve Beattie <email address hidden> Wed, 23 Nov 2016 09:24:49 -0800

CVE-2016-1248 vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of a

Version: 2:7.3.429-2ubuntu2.1 2012-05-15 17:06:45 UTC

  vim (2:7.3.429-2ubuntu2.1) precise-proposed; urgency=low

  * Add quantal to the deb{changelog,sources} highlighting (LP: #994208)

 -- Adam Conrad Fri, 27 Apr 2012 10:17:02 -0600

994208 Needs to know about quantal


