vim (2:8.2.3995-1ubuntu2.22) jammy-security; urgency=medium
* SECURITY UPDATE: Heap-buffer-overflow when switching buffers.
- debian/patches/CVE-2025-22134.patch: Add reset_VIsual_and_resel() to
src/arglist.c. Add ptrlen checks in src/misc1.c and src/ops.c.
- CVE-2025-22134
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Fri, 17 Jan 2025 12:55:02 -0330
vim (2:8.2.3995-1ubuntu2.21) jammy-security; urgency=medium
* SECURITY UPDATE: Use after free when closing a buffer.
- debian/patches/CVE-2024-47814.patch: Add buf_locked() in src/buffer.c.
Abort autocommands editing a file when buf_locked() in src/ex_cmds.c.
Add buf_locked() in src/proto/buffer.pro.
- CVE-2024-47814
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Thu, 07 Nov 2024 09:47:21 -0330
vim (2:8.2.3995-1ubuntu2.20) jammy; urgency=medium
* Ensure Ubuntu codenames are current (LP: #2084706).
-- Simon Quigley <tsimonq2@ubuntu.com> Wed, 16 Oct 2024 12:27:14 -0500
vim (2:8.2.3995-1ubuntu2.19) jammy-security; urgency=medium
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2024-43802.patch: check buflen before advancing
offset.
- CVE-2024-43802
-- Vyom Yadav <vyom.yadav@canonical.com> Wed, 25 Sep 2024 11:00:01 +0530
vim (2:8.2.3995-1ubuntu2.18) jammy-security; urgency=medium
* SECURITY UPDATE: use after free
- debian/patches/CVE-2024-41957.patch: set tagname to NULL
after being freed
- CVE-2024-41957
* SECURITY UPDATE: use after free
- debian/patches/CVE-2024-43374.patch: add lock to keep
reference valid
- CVE-2024-43374
-- Bruce Cable <bruce.cable@canonical.com> Tue, 27 Aug 2024 15:34:22 +1000
vim (2:8.2.3995-1ubuntu2.17) jammy; urgency=medium
* Ensure Ubuntu codenames are current (LP: #2064687).
-- Simon Quigley <tsimonq2@ubuntu.com> Thu, 02 May 2024 21:37:51 -0500
vim (2:8.2.3995-1ubuntu2.16) jammy-security; urgency=medium
* SECURITY UPDATE: stack based buffer overflow
- debian/patches/CVE-2024-22667.patch: passes error buffer length down
through option callback functions.
- debian/patches/remove-flaky-matchfuzzy-test.patch: removing flaky test
initially introduced in d/p/CVE-2023-2426.patch due to long run time
causing the test and builds to fail.
- CVE-2024-22667
-- Ian Constantin <ian.constantin@canonical.com> Thu, 14 Mar 2024 11:05:11 +0200
vim (2:8.2.3995-1ubuntu2.15) jammy-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2022-1725.patch: Check for regexp program becoming NULL
in more places.
- CVE-2022-1725
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2022-1771.patch: Limit recursion of getcmdline().
- CVE-2022-1771
* SECURITY UPDATE: heap based buffer overflow vulnerability
- debian/patches/CVE-2022-1886.patch: Check the length is more than zero.
- CVE-2022-1886
* SECURITY UPDATE: out of bounds write vulnerability
- debian/patches/CVE-2022-1897.patch: Disallow undo when in a substitute
command.
- CVE-2022-1897
* SECURITY UPDATE: out-of-bounds write
- debian/patches/CVE-2022-2000.patch: addresses the potential for an
overflow by adding a bounds check and truncating the message if needed.
- CVE-2022-2000
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2022-2042.patch: Initialize "attr". Check for empty
line early.
- CVE-2022-2042
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-46246.patch: Check that the return value from the
vim_str2nr() function is not larger than INT_MAX and if yes, bail out with
an error.
- CVE-2023-46246
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-48231.patch: If the current window structure is
no longer valid, fail and return before attempting to set win->w_closing
variable.
- CVE-2023-48231
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48233.patch: If the count after the :s command is
larger than what fits into a (signed) long variable, abort with
e_value_too_large.
- CVE-2023-48233
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48234.patch: When getting the count for a normal z
command, it may overflow for large counts given. So verify, that we can
safely store the result in a long.
- CVE-2023-48234
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48235.patch: When parsing relative ex addresses
one may unintentionally cause an overflow (because LONG_MAX - lnum will
overflow for negative addresses).
- CVE-2023-48235
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48236.patch: When using the z= command, we may
overflow the count with values larger than MAX_INT. So verify that we do
not overflow and in case when an overflow is detected, simply return 0.
- CVE-2023-48236
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48237.patch: When shifting lines in operator
pending mode and using a very large value, we may overflow the size of
integer. Fix this by using a long variable, testing if the result would
be larger than INT_MAX and if so, indent by INT_MAX value.
- CVE-2023-48237
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-48706.patch: ensure that the sub var always using
allocated memory.
- CVE-2023-48706
-- Fabian Toepfer <fabian.toepfer@canonical.com> Tue, 05 Dec 2023 18:58:57 +0100
vim (2:8.2.3995-1ubuntu2.13) jammy-security; urgency=medium
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-4733.patch: Verify oldwin pointer after
reset_VIsual() in do_ecmd.
- CVE-2023-4733
* SECURITY UPDATE: integer overflow vulnerability
- debian/patches/CVE-2023-4734.patch: Check for typeval correctly in
f_fullcommand.
- CVE-2023-4734
* SECURITY UPDATE: out of bounds write vulnerability
- debian/patches/CVE-2023-4735.patch: Add check for buffer size to avoid
overflow in do_addsub.
- CVE-2023-4735
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-4750.patch: Check buffer is valid before
accessing it.
- CVE-2023-4750
* SECURITY UPDATE: heap based buffer overflow vulnerability
- debian/patches/CVE-2023-4751.patch: Stop Visual mode when using :ball
to avoid illegal memory access.
- CVE-2023-4751
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-4752.patch: validate buffer before accessing it
in ins_compl_get_exp.
- CVE-2023-4752
* SECURITY UPDATE: heap based buffer overflow vulnerability
- debian/patches/CVE-2023-4781.patch: Disallow exchanging windows when
textlock is active in vim_regsub_both.
- CVE-2023-4781
* SECURITY UPDATE: heap based buffer overflow vulnerability
- debian/patches/CVE-2023-5344.patch: Add NULL at end of buffer in
trunc_string.
- CVE-2023-5344
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2023-5441.patch: skip gui_scroll when exmode_active
in gui_do_scroll.
- CVE-2023-5441
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-5535.patch: block autocommands in
buf_contents_changed.
- CVE-2023-5535
-- Fabian Toepfer <fabian.toepfer@canonical.com> Mon, 16 Oct 2023 20:15:38 +0200
vim (2:8.2.3995-1ubuntu2.12) jammy-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-3234.patch: Check for replacing NUL after Tab.
- debian/patches/CVE-2022-3491.patch: Do not return an invalid pointer.
Fix skipping redirection
- debian/patches/CVE-2022-3520.patch: Check that the column does not
become negative.
- CVE-2022-3234
- CVE-2022-3491
- CVE-2022-3520
* SECURITY UPDATE: use after free memory issue
- debian/patches/CVE-2022-3235.patch: Make sure pointer to b_p_iminsert
is still valid.
- debian/patches/CVE-2022-3256.patch: Copy the mark before editing
another buffer
- debian/patches/CVE-2022-3297.patch: Make a copy of the option. Make
sure cursor position is valid
- debian/patches/CVE-2022-3352.patch: Disallow deleting the current
buffer to avoid using freed memory
- debian/patches/CVE-2022-3591.patch: Disallow navigating to a dummy
buffer
- debian/patches/CVE-2022-3705.patch: Set the quickfix-busy flag while
filling the buffer
- debian/patches/CVE-2022-4292.patch: Bail out if the window no longer
exists.
- CVE-2022-3235
- CVE-2022-3256
- CVE-2022-3297
- CVE-2022-3352
- CVE-2022-3591
- CVE-2022-3705
- CVE-2022-4292
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2022-3278.patch: Don't get a next line when
skipping over NL
- CVE-2022-3278
* SECURITY UPDATE: stack-based buffer overflow
- debian/patches/CVE-2022-3324.patch: Make sure the window width does
not become negative
- CVE-2022-3324
* SECURITY UPDATE: incorrect floating point comparison
- debian/patches/CVE-2022-4293.patch: fix floating point comparison
- CVE-2022-4293
* debian/patches/fix_flaky_tests.patch: fix some flaky tests
-- Nishit Majithia <nishit.majithia@canonical.com> Fri, 06 Oct 2023 13:19:43 +0530
# For older changelog entries, run 'apt-get changelog vim'
Generated by dwww version 1.14 on Wed Jan 22 08:35:44 CET 2025.