vim 2:8.2.3995-1ubuntu2.5 source package in Ubuntu
Changelog
vim (2:8.2.3995-1ubuntu2.5) jammy-security; urgency=medium

  * SECURITY UPDATE: use after free
    - debian/patches/CVE-2022-0413.patch: make a copy of the substitute
      pattern that starts with "\=" in do_sub() in src/ex_cmds.c and free
      it at the end of the method and add test case Test_using_old_sub in
      src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1796.patch: make a copy of the pattern to
      search for as it could get freed in do_window() in src/window.c and
      add test case Test_define_search in src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1898.patch: make a copy of the string as it
      could get freed in nv_brackets() in src/normal.c, and add a test
      inside the Test_define_search test case in src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1968.patch: mitigates the potential for a use
      after free scenario by making a copy of a buffer to use for future
      reference
    - debian/patches/CVE-2022-2946.patch: using freed memory when 'tagfunc'
      deletes the buffer
    - CVE-2022-0413
    - CVE-2022-1796
    - CVE-2022-1898
    - CVE-2022-1968
    - CVE-2022-2946
  * SECURITY UPDATE: buffer over-read
    - debian/patches/CVE-2022-1629.patch: add a check for null after a
      backslash in find_next_quote() in src/search.c and add test case
      Test_string_html_objects in src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1720.patch: reading past end of line with
      "gf" in Visual block mode
    - debian/patches/CVE-2022-1733.patch: add a check for null when
      checking for trailing ' in skip_string() in src/misc1.c and add test
      case Test_cindent_check_funcdecl in src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1735.patch: add a new function,
      check_visual_pos in src/misc2.c and invoke it in src/change.c and
      src/edit.c. Add the new function header in src/proto/misc2.pro and
      add test case Test_visual_block_with_substitute in
      src/testdir/test_visual.vim.
    - debian/patches/CVE-2022-1851.patch: add a call to check_cursor()
      after formatting in op_format() in src/ops.c and add test case
      Test_correct_cursor_position in src/testdir/test_CVE.vim.
    - debian/patches/CVE-2022-1927.patch: cursor position may be invalid
      after "0;" range
    - debian/patches/CVE-2022-2845.patch: reading before the start of the
      line
    - CVE-2022-1629
    - CVE-2022-1720
    - CVE-2022-1733
    - CVE-2022-1735
    - CVE-2022-1851
    - CVE-2022-1927
    - CVE-2022-2845
  * SECURITY UPDATE: crash when matching buffer with invalid pattern
    - debian/patches/CVE-2022-1674.patch: check for NULL regprog
    - CVE-2022-1674
  * SECURITY UPDATE: buffer over-write
    - debian/patches/CVE-2022-1785.patch: add textlock flag to disallow
      changing text or switching window before calling vim_regsub_multi()
      in src/ex_cmds.c.
    - CVE-2022-1785
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-1942.patch: adds a control to disallow the
      opening of a command line window when text or buffer is locked.
    - debian/patches/CVE-2022-2344.patch: reading past end of completion
      with duplicate match
    - debian/patches/CVE-2022-2571.patch: reading past end of line with
      insert mode completion
    - debian/patches/CVE-2022-2849.patch: invalid memory access with for
      loop over NULL string
    - CVE-2022-1942
    - CVE-2022-2344
    - CVE-2022-2571
    - CVE-2022-2849
  * SECURITY UPDATE: searching for quotes may go over the end of the line
    - debian/patches/CVE-2022-2124.patch: check for running into the NULL
    - CVE-2022-2124
  * SECURITY UPDATE: lisp indenting may run over the end of the line
    - debian/patches/CVE-2022-2125.patch: check for NULL earlier
    - CVE-2022-2125
  * SECURITY UPDATE: using invalid index when looking for spell suggestions
    - debian/patches/CVE-2022-2126.patch: do not decrement the index when
      it is zero
    - CVE-2022-2126
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2022-2129.patch: prevents the editing of another
      file when either curbuf_lock or textlock is set.
    - CVE-2022-2129
  * SECURITY UPDATE: invalid memory access when using an expression on the
    command line
    - debian/patches/CVE-2022-2175-1.patch: make sure the position does not
      go negative
    - debian/patches/CVE-2022-2175-2.patch: add missing #ifdef FEAT_EVAL
    - debian/patches/fix_Test_cmdwin_jump_to_win.patch: fix
      Test_cmdwin_jump_to_win() test case
    - CVE-2022-2175
  * SECURITY UPDATE: reading beyond the end of the line with lisp indenting
    - debian/patches/CVE-2022-2183.patch: avoid going over the NUL at the
      end of the line
    - CVE-2022-2183
  * SECURITY UPDATE: accessing invalid memory after changing terminal size
    - debian/patches/CVE-2022-2206.patch: adjust cmdline_row and msg_row to
      the value of Rows
    - CVE-2022-2206
  * SECURITY UPDATE: spell dump may go beyond end of an array
    - debian/patches/CVE-2022-2304.patch: limit the word length
    - CVE-2022-2304
  * SECURITY UPDATE: using freed memory with recursive substitution
    - debian/patches/CVE-2022-2345.patch: always make a copy of
      reg_prev_sub
    - CVE-2022-2345
  * SECURITY UPDATE: illegal memory access when pattern starts with illegal
    byte
    - debian/patches/CVE-2022-2581.patch: do not match a character with an
      illegal byte
    - CVE-2022-2581
  * SECURITY UPDATE: null pointer dereference issue
    - debian/patches/CVE-2022-2923.patch: crash when using ":mkspell" with
      an empty .dic file
    - debian/patches/CVE-2022-2980.patch: crash with mouse click when not
      initialized
    - CVE-2022-2923
    - CVE-2022-2980

 -- Nishit Majithia <email address hidden>  Mon, 03 Apr 2023 13:15:49 +0530
Upload details
- Uploaded by: Nishit Majithia
- Uploaded to: Jammy
- Original maintainer: Ubuntu Developers
- Architectures: any all
- Section: editors
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
vim_8.2.3995.orig.tar.xz | 9.9 MiB | a9d4993d94a212c1e284fe19d7127508dc9c911cddaf91f2a6f72d0b9b71b8ce |
vim_8.2.3995-1ubuntu2.5.debian.tar.xz | 246.0 KiB | 1d2f9234bba7dbca5c3cb2cb7cbfd30f64aefcd31bd083694f5e68b471c459dd |
vim_8.2.3995-1ubuntu2.5.dsc | 2.8 KiB | 504351057132ae8f3a745a9aad9de2b10be7b888fdebc911e3cf1d452ff80c43 |
Binary packages built by this source
- vim: Vi IMproved - enhanced vi editor
Vim is an almost compatible version of the UNIX editor Vi.
.
Many new features have been added: multi level undo, syntax
highlighting, command line history, on-line help, filename
completion, block operations, folding, Unicode support, etc.
.
This package contains a version of vim compiled with a rather
standard set of features. This package does not provide a GUI
version of Vim. See the other vim-* packages if you need more
(or less).
- vim-athena: Vi IMproved - enhanced vi editor - with Athena GUI
Vim is an almost compatible version of the UNIX editor Vi.
.
Many new features have been added: multi level undo, syntax
highlighting, command line history, on-line help, filename
completion, block operations, folding, Unicode support, etc.
.
This package contains a version of vim compiled with an Athena GUI
and support for scripting with Lua, Perl, Python 3, and Tcl.
- vim-athena-dbgsym: debug symbols for vim-athena
- vim-common: Vi IMproved - Common files
Vim is an almost compatible version of the UNIX editor Vi.
.
This package contains files shared by all non GUI-enabled vim variants
available in Debian. Examples of such shared files are: manpages and
configuration files.
- vim-dbgsym: debug symbols for vim
- vim-doc: Vi IMproved - HTML documentation
Vim is an almost compatible version of the UNIX editor Vi.
.
This package contains the HTML version of the online documentation. It is
built from the runtime/doc directory of the source tree.
- vim-gtk: Vi IMproved - enhanced vi editor (dummy package)
This is a transitional package to install the vim-gtk3 package. You may
remove this package if nothing depends on it.
- vim-gtk3: Vi IMproved - enhanced vi editor - with GTK3 GUI
Vim is an almost compatible version of the UNIX editor Vi.
.
Many new features have been added: multi level undo, syntax
highlighting, command line history, on-line help, filename
completion, block operations, folding, Unicode support, etc.
.
This package contains a version of vim compiled with a GTK3 GUI
and support for scripting with Lua, Perl, Python 3, Ruby, and Tcl.
- vim-gtk3-dbgsym: debug symbols for vim-gtk3
- vim-gui-common: Vi IMproved - Common GUI files
Vim is an almost compatible version of the UNIX editor Vi.
.
This package contains files shared by all GUI-enabled vim
variants available in Debian. Examples of such shared files are:
gvimtutor, icons, and desktop environments settings.
- vim-nox: Vi IMproved - enhanced vi editor - with scripting languages support
Vim is an almost compatible version of the UNIX editor Vi.
.
Many new features have been added: multi level undo, syntax
highlighting, command line history, on-line help, filename
completion, block operations, folding, Unicode support, etc.
.
This package contains a version of vim compiled with support for
scripting with Lua, Perl, Python 3, Ruby, and Tcl but no GUI.
- vim-nox-dbgsym: debug symbols for vim-nox
- vim-runtime: Vi IMproved - Runtime files
Vim is an almost compatible version of the UNIX editor Vi.
.
This package contains vimtutor and the architecture independent runtime
files, used, if available, by all vim variants available in Debian.
Examples of such runtime files are: online documentation, rules for
language-specific syntax highlighting and indentation, color schemes,
and standard plugins.
- vim-tiny: Vi IMproved - enhanced vi editor - compact version
Vim is an almost compatible version of the UNIX editor Vi.
.
This package contains a minimal version of Vim compiled with no GUI and
a small subset of features. This package's sole purpose is to provide
the vi binary for base installations.
.
If a vim binary is wanted, try one of the following more featureful
packages: vim, vim-nox, vim-athena, or vim-gtk3.
- vim-tiny-dbgsym: debug symbols for vim-tiny
- xxd: tool to make (or reverse) a hex dump
xxd creates a hex dump of a given file or standard input. It can also convert
a hex dump back to its original binary form.
- xxd-dbgsym: debug symbols for xxd