Package "vim-runtime"
Name: |
vim-runtime
|
Description: |
Vi IMproved - Runtime files
|
Latest version: |
2:7.4.1689-3ubuntu1.5 |
Release: |
xenial (16.04) |
Level: |
security |
Repository: |
main |
Head package: |
vim |
Homepage: |
http://www.vim.org/ |
Links
Download "vim-runtime"
Other versions of "vim-runtime" in Xenial
Changelog
vim (2:7.4.1689-3ubuntu1.5) xenial-security; urgency=medium
* SECURITY UPDATE: incorrect group ownership of .swp file
- debian/patches/CVE-2017-17087.patch: use correct group in
src/fileio.c.
- CVE-2017-17087
* SECURITY UPDATE: rvim restricted mode circumvention
- debian/patches/CVE-2019-20807-pre1.patch: add checks for restricted
and secure in src/eval.c.
- debian/patches/CVE-2019-20807-pre2.patch: update documentation in
runtime/doc/starting.txt.
- debian/patches/CVE-2019-20807-1.patch: disable using interfaces in
restricted mode in runtime/doc/starting.txt, src/eval.c,
src/ex_cmds.c, src/ex_docmd.c, src/if_perl.xs,
src/testdir/Make_all.mak, src/testdir/test_restricted.vim.
- debian/patches/CVE-2019-20807-2.patch: missing some changes for Ex
commands in src/ex_cmds.h.
- CVE-2019-20807
-- Marc Deslauriers <email address hidden> Tue, 13 Oct 2020 12:04:38 -0400
|
Source diff to previous version |
CVE-2017-17087 |
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group owners |
CVE-2019-20807 |
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, |
|
vim (2:7.4.1689-3ubuntu1.4) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/upstream/patch-8.0.070*.patch: check the event
event for being out of range in src/fileio.c; set w_s pointer if w_buffer
was NULL in src/ex_cmds.c.
- CVE-2017-11109
* SECURITY UPDATE: Integer overflow
- debian/patches/upstream/patch-8.0.0377*.patch: check if allocated size
is not too big in src/undo.c.
- CVE-2017-6349
* SECURITY UPDATE: Buffer overflow
- debian/patches/upstream/patch-8.0.0378*.patch: check if allocated size
is not too big in src/undo.c.
- CVE-2017-6350
-- <email address hidden> (Leonidas S. Barbosa) Wed, 18 Mar 2020 11:06:17 -0300
|
Source diff to previous version |
CVE-2017-11109 |
Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NO |
CVE-2017-6349 |
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tr |
CVE-2017-6350 |
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values f |
|
vim (2:7.4.1689-3ubuntu1.3) xenial-security; urgency=medium
* SECURITY UPDATE: Arbitrary code execution
- debian/patches/CVE-2019-12735.patch: disallow
sourcing a file in the sandbox in src/getchar.c
- CVE-2019-12735
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2017-5953.patch: check for an
invalid length in order to avoid a overflow in
src/spell.c.
- CVE-2017-5953
-- <email address hidden> (Leonidas S. Barbosa) Fri, 07 Jun 2019 12:35:43 -0300
|
Source diff to previous version |
CVE-2019-12735 |
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a model |
CVE-2017-5953 |
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a |
|
vim (2:7.4.1689-3ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: arbitrary shell execution via modelines
- debian/patches/upstream/CVE-2016-1248.patch: Only allow valid
characters in 'filetype', 'syntax' and 'keymap'. Tests adapted
back to vim 7.4 by James McCoy of Debian, thanks!
- CVE-2016-1248
-- Steve Beattie <email address hidden> Thu, 24 Nov 2016 08:44:48 -0800
|
CVE-2016-1248 |
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of a |
|
About
-
Send Feedback to @ubuntu_updates