[ubuntu/impish-proposed] vim 2:8.2.2434-3ubuntu2 (Accepted)

Spyros Seimenis spyros.seimenis at canonical.com
Mon Sep 20 14:08:14 UTC 2021 

vim (2:8.2.2434-3ubuntu2) impish; urgency=medium

  * SECURITY UPDATE: Fix heap-based buffer overflow when using :retab with large value
    - debian/patches/CVE-2021-3770-1.patch: Check vartabstop contains positive
      number in src/indent.c.
    - debian/patches/CVE-2021-3770-2.patch: Fix memory leak for :retab with
      invalid argument
    - CVE-2021-3770
  * SECURITY UPDATE: Fix heap-based buffer overflow when reading beyond end of line
    with invalid utf-8 character
    - debian/patches/CVE-2021-3778.patch: Validate encoding of character before
      advancing line in regexp_nfa.c.
    - CVE-2021-3778
  * SECURITY UPDATE: Fix use after free when replacing
    - debian/patches/CVE-2021-3796.patch: Get the line pointer after calling
      ins_copychar() in src/normal.c.
    - CVE-2021-3796

Date: Mon, 20 Sep 2021 14:50:52 +0300
Changed-By: Spyros Seimenis <spyros.seimenis at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/vim/2:8.2.2434-3ubuntu2
-------------- next part --------------
Format: 1.8
Date: Mon, 20 Sep 2021 14:50:52 +0300
Source: vim
Built-For-Profiles: noudeb
Architecture: source
Version: 2:8.2.2434-3ubuntu2
Distribution: impish
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Spyros Seimenis <spyros.seimenis at canonical.com>
Changes:
 vim (2:8.2.2434-3ubuntu2) impish; urgency=medium
 .
   * SECURITY UPDATE: Fix heap-based buffer overflow when using :retab with large value
     - debian/patches/CVE-2021-3770-1.patch: Check vartabstop contains positive
       number in src/indent.c.
     - debian/patches/CVE-2021-3770-2.patch: Fix memory leak for :retab with
       invalid argument
     - CVE-2021-3770
   * SECURITY UPDATE: Fix heap-based buffer overflow when reading beyond end of line
     with invalid utf-8 character
     - debian/patches/CVE-2021-3778.patch: Validate encoding of character before
       advancing line in regexp_nfa.c.
     - CVE-2021-3778
   * SECURITY UPDATE: Fix use after free when replacing
     - debian/patches/CVE-2021-3796.patch: Get the line pointer after calling
       ins_copychar() in src/normal.c.
     - CVE-2021-3796
Checksums-Sha1:
 9d8e87ca0b661281d49a628bea74287acd121dd9 3016 vim_8.2.2434-3ubuntu2.dsc
 788b134d55f4d5b4986f0608cc73f740ab5edcd0 211948 vim_8.2.2434-3ubuntu2.debian.tar.xz
 f4afd494e187401f580daaa9041dd73b9a85c925 17064 vim_8.2.2434-3ubuntu2_source.buildinfo
Checksums-Sha256:
 c4699d8c0ba352d26d85194bb6a3689ddb80f3e191c7bf452ae8804926f952d2 3016 vim_8.2.2434-3ubuntu2.dsc
 8b36dc6d90a4944fd14fcd301846758520eb9c504f843eb92b4dea188b231d1f 211948 vim_8.2.2434-3ubuntu2.debian.tar.xz
 28b65e719b8aaee78f36421c0fa4bf9184e3a74d7a9cb934f00307b7fe7f68b2 17064 vim_8.2.2434-3ubuntu2_source.buildinfo
Files:
 56c2f46c957622dc842ea415ce79c336 3016 editors optional vim_8.2.2434-3ubuntu2.dsc
 baeba9d7c0b62d46754bfa69856681f5 211948 editors optional vim_8.2.2434-3ubuntu2.debian.tar.xz
 b89a516a345a95390af206d0644f4be4 17064 editors optional vim_8.2.2434-3ubuntu2_source.buildinfo
Original-Maintainer: Debian Vim Maintainers <pkg-vim-maintainers at lists.alioth.debian.org>

More information about the impish-changes mailing list