[Bug 1996087] Re: Ensure supported codenames are accurate

Launchpad Bug Tracker 1996087 at bugs.launchpad.net
Thu Jan 12 19:57:11 UTC 2023 

This bug was fixed in the package vim - 2:8.2.3995-1ubuntu2.3

---------------
vim (2:8.2.3995-1ubuntu2.3) jammy-security; urgency=medium

  * SECURITY UPDATE: illegal memory access with bracketed paste in Ex mode
    - debian/patches/CVE-2022-0392.patch: reverse space for the trailing NUL
    - CVE-2022-0392
  * SECURITY UPDATE: retab may cause illegal memory access
    - debian/patches/CVE-2022-0417.patch: limit the value of tabstop
    - CVE-2022-0417

 -- Mark Esler <mark.esler at canonical.com>  Wed, 11 Jan 2023 17:53:12
-0600

** Changed in: vim (Ubuntu Jammy)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0392

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0417

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to vim in Ubuntu.
https://bugs.launchpad.net/bugs/1996087

Title:
  Ensure supported codenames are accurate

Status in vim package in Ubuntu:
  Fix Committed
Status in vim source package in Focal:
  Fix Committed
Status in vim source package in Jammy:
  Fix Released
Status in vim source package in Kinetic:
  Fix Committed
Status in vim source package in Lunar:
  Fix Committed

Bug description:
  In several stable releases of Ubuntu, Vim has information regarding
  releases that are outdated. It would be optimal for Vim to grab this
  data from distro-info-data (or similar), but unfortunately that is not
  the case. Therefore, the list needs to be updated.

  There is a minimal regression potential here; Vim simply reads a
  statically-set Perl array to determine if the release in the changelog
  and sources.list is supported or not. Any regression would present
  itself in external tooling that detects text highlighting, which is
  not a case I think we support in Ubuntu.

  A simple way to test this update is to download a package from the
  Lunar archive, and open the changelog with Vim. Instead of the
  changelog release (e.g. "lunar") showing as red, it should show as
  blue. I would also suggest editing sources.list, to ensure e.g. Eoan
  shows as EOL.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/1996087/+subscriptions

More information about the foundations-bugs mailing list