[ubuntu/focal-security] vim 2:8.1.2269-1ubuntu5.6 (Accepted)
Ray Veldkamp
ray.veldkamp at canonical.com
Fri Jan 21 03:13:12 UTC 2022
vim (2:8.1.2269-1ubuntu5.6) focal-security; urgency=medium

  * SECURITY UPDATE: Use-after-free issue in regular expression engine when
    using a mark, could lead to a denial of service or code execution.
    - debian/patches/CVE-2021-3974.patch: Ensure check for free is made when
      processing mark in src/regexp_nfa.c, src/testdir/test_regexp_latin.vim
    - CVE-2021-3974
  * SECURITY UPDATE: Heap-based buffer overflow could lead to a denial of
    service or possible code execution when C-indenting
    - debian/patches/CVE-2021-3984.patch: Fix memory access issue by correctly
      dereferencing cursor position in src/cindent.c and
      src/testdir/test_cindent.vim
    - CVE-2021-3984
  * SECURITY UPDATE: Heap-based buffer overflow could lead to a denial of
    service when help functions are provided with long command strings
    - debian/patches/CVE-2021-4019.patch: Fix handling of strcpy to use safer
      vim_snprintf in src/ex_cmds.c and src/testdir/test_help.vim
    - CVE-2021-4019
  * SECURITY UPDATE: Use-after-free issue in open command can lead to a denial
    of service or possible code execution
    - debian/patches/CVE-2021-4069.patch: Fix issue making a copy of the
      current line and its address in src/ex_docmd.c
    - CVE-2021-4069

Date: 2022-01-20 13:37:10.831167+00:00
Changed-By: Ray Veldkamp <ray.veldkamp at canonical.com>
https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.6