[ubuntu/jammy-updates] vim 2:8.2.3995-1ubuntu2.10 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu Aug 3 08:29:15 UTC 2023


vim (2:8.2.3995-1ubuntu2.10) jammy-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-2182.patch: When on line zero check the
      column is valid for line one.
    - debian/patches/CVE-2022-2264.patch: Adjust the end mark position.
    - debian/patches/CVE-2022-2284.patch: Stop Visual mode when closing a
      window.
    - CVE-2022-2182
    - CVE-2022-2264
    - CVE-2022-2284
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2022-2208.patch: Recompute diffs later. Skip
      window without a valid buffer.
    - debian/patches/CVE-2022-2231.patch: Do not use the NULL pointer.
    - CVE-2022-2208
    - CVE-2022-2231
  * SECURITY UPDATE: out-of-bounds write issue
    - debian/patches/CVE-2022-2210.patch: Use zero offset when change
      removes all lines in a diff block
    - CVE-2022-2210
  * SECURITY UPDATE: out-of-bounds read issue
    - debian/patches/CVE-2022-2257.patch: Check for NUL.
    - debian/patches/CVE-2022-2286.patch: Check the length of the string
    - debian/patches/CVE-2022-2287.patch: Disallow adding a word with
      control characters or a trailing slash.
    - CVE-2022-2257
    - CVE-2022-2286
    - CVE-2022-2287
  * SECURITY UPDATE: integer overflow issue
    - debian/patches/CVE-2022-2285.patch: Put a NUL after the typeahead.
    - CVE-2022-2285
  * SECURITY UPDATE: use after free memory issue
    - debian/patches/CVE-2022-2289.patch: Bail out when diff pointer is no
      longer valid
    - CVE-2022-2289
  * debian/patches/skip_some_tests.patch: skip some failing test

Date: 2023-08-02 11:26:08.916768+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.10
-------------- next part --------------
Sorry, changesfile not available.


More information about the jammy-changes mailing list