vim 2:8.1.2269-1ubuntu5.21 source package in Ubuntu

Changelog

vim (2:8.1.2269-1ubuntu5.21) focal-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2022-1725.patch: Check for regexp program becoming NULL
      in more places.
    - CVE-2022-1725
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2022-1771.patch: Limit recursion of getcmdline().
    - CVE-2022-1771
  * SECURITY UPDATE: out of bounds write vulnerability
    - debian/patches/CVE-2022-1897.patch: Disallow undo when in a substitute
      command.
    - CVE-2022-1897
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2022-2000.patch: addresses the potential for an
      overflow by adding a bounds check and truncating the message if needed.
    - CVE-2022-2000
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-46246.patch: Check that the return value from the
      vim_str2nr() function is not larger than INT_MAX and if yes, bail out with
      an error.
    - CVE-2023-46246
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-48231.patch: If the current window structure is
      no longer valid, fail and return before attempting to set win->w_closing
      variable.
    - CVE-2023-48231
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48233.patch: If the count after the :s command is
      larger than what fits into a (signed) long variable, abort with
      e_value_too_large.
    - CVE-2023-48233
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48234.patch: When getting the count for a normal z
      command, it may overflow for large counts given. So verify that we can
      safely store the result in a long.
    - CVE-2023-48234
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48235.patch: When parsing relative ex addresses
      one may unintentionally cause an overflow (because LONG_MAX - lnum will
      overflow for negative addresses).
    - CVE-2023-48235
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48236.patch: When using the z= command, we may
      overflow the count with values larger than MAX_INT. So verify that we do
      not overflow and in case when an overflow is detected, simply return 0.
    - CVE-2023-48236
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48237.patch: When shifting lines in operator
      pending mode and using a very large value, we may overflow the size of
      integer. Fix this by using a long variable, testing if the result would
      be larger than INT_MAX and if so, indent by INT_MAX value.
    - CVE-2023-48237

 -- Fabian Toepfer <email address hidden>  Thu, 07 Dec 2023 16:42:49 +0100

Upload details

Uploaded by: Fabian Toepfer
Uploaded to: Focal
Original maintainer: Ubuntu Developers
Architectures: any all
Section: editors
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
vim_8.1.2269.orig.tar.gz 13.9 MiB ff75a4d5f04dbd0e10c00b8a2369bd4108ed955a298fa30c4d861d2f53d2c4c5
vim_8.1.2269-1ubuntu5.21.debian.tar.xz 255.8 KiB b6d6e36d433be5470f7834e6da20527e332e0028c82f9b055914fb27d633bdf3
vim_8.1.2269-1ubuntu5.21.dsc 2.9 KiB 6d843f79a66ef835ca5c108d45db373a243c29a23767e46b409e30df6f92e88e

Binary packages built by this source

vim: Vi IMproved - enhanced vi editor

 Vim is an almost compatible version of the UNIX editor Vi.
 .
 Many new features have been added: multi level undo, syntax
 highlighting, command line history, on-line help, filename
 completion, block operations, folding, Unicode support, etc.
 .
 This package contains a version of vim compiled with a rather
 standard set of features. This package does not provide a GUI
 version of Vim. See the other vim-* packages if you need more
 (or less).

vim-athena: Vi IMproved - enhanced vi editor - with Athena GUI

 Vim is an almost compatible version of the UNIX editor Vi.
 .
 Many new features have been added: multi level undo, syntax
 highlighting, command line history, on-line help, filename
 completion, block operations, folding, Unicode support, etc.
 .
 This package contains a version of vim compiled with an Athena GUI
 and support for scripting with Lua, Perl, Python 3, Ruby, and Tcl.

vim-athena-dbgsym: debug symbols for vim-athena
vim-common: Vi IMproved - Common files

 Vim is an almost compatible version of the UNIX editor Vi.
 .
 This package contains files shared by all non GUI-enabled vim variants
 available in Debian. Examples of such shared files are: manpages and
 configuration files.

vim-dbgsym: debug symbols for vim
vim-doc: Vi IMproved - HTML documentation

 Vim is an almost compatible version of the UNIX editor Vi.
 .
 This package contains the HTML version of the online documentation. It is
 built from the runtime/doc directory of the source tree.

vim-gtk: Vi IMproved - enhanced vi editor (dummy package)

 This is a transitional package to install the vim-gtk3 package. You may
 remove this package if nothing depends on it.

vim-gtk3: Vi IMproved - enhanced vi editor - with GTK3 GUI

 Vim is an almost compatible version of the UNIX editor Vi.
 .
 Many new features have been added: multi level undo, syntax
 highlighting, command line history, on-line help, filename
 completion, block operations, folding, Unicode support, etc.
 .
 This package contains a version of vim compiled with a GTK3 GUI
 and support for scripting with Lua, Perl, Python 3, and Tcl.

vim-gtk3-dbgsym: debug symbols for vim-gtk3
vim-gui-common: Vi IMproved - Common GUI files

 Vim is an almost compatible version of the UNIX editor Vi.
 .
 This package contains files shared by all GUI-enabled vim
 variants available in Debian. Examples of such shared files are:
 gvimtutor, icons, and desktop environment settings.

vim-nox: Vi IMproved - enhanced vi editor - with scripting languages support

 Vim is an almost compatible version of the UNIX editor Vi.
 .
 Many new features have been added: multi level undo, syntax
 highlighting, command line history, on-line help, filename
 completion, block operations, folding, Unicode support, etc.
 .
 This package contains a version of vim compiled with support for
 scripting with Lua, Perl, Python 3, Ruby, and Tcl but no GUI.

vim-nox-dbgsym: debug symbols for vim-nox
vim-runtime: Vi IMproved - Runtime files

 Vim is an almost compatible version of the UNIX editor Vi.
 .
 This package contains vimtutor and the architecture independent runtime
 files, used, if available, by all vim variants available in Debian.
 Examples of such runtime files are: online documentation, rules for
 language-specific syntax highlighting and indentation, color schemes,
 and standard plugins.

vim-tiny: Vi IMproved - enhanced vi editor - compact version

 Vim is an almost compatible version of the UNIX editor Vi.
 .
 This package contains a minimal version of Vim compiled with no GUI and
 a small subset of features. This package's sole purpose is to provide
 the vi binary for base installations.
 .
 If a vim binary is wanted, try one of the following more featureful
 packages: vim, vim-nox, vim-athena, or vim-gtk3.

vim-tiny-dbgsym: debug symbols for vim-tiny
xxd: tool to make (or reverse) a hex dump

 xxd creates a hex dump of a given file or standard input. It can also convert
 a hex dump back to its original binary form.

xxd-dbgsym: debug symbols for xxd