[ubuntu/jammy-security] vim 2:8.2.3995-1ubuntu2.12 (Accepted)
Nishit Majithia
nishit.majithia at canonical.com
Mon Oct 9 04:11:32 UTC 2023
vim (2:8.2.3995-1ubuntu2.12) jammy-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-3234.patch: Check for replacing NUL after Tab.
- debian/patches/CVE-2022-3491.patch: Do not return an invalid pointer.
Fix skipping redirection
- debian/patches/CVE-2022-3520.patch: Check that the column does not
become negative.
- CVE-2022-3234
- CVE-2022-3491
- CVE-2022-3520
* SECURITY UPDATE: use after free memory issue
- debian/patches/CVE-2022-3235.patch: Make sure pointer to b_p_iminsert
is still valid.
- debian/patches/CVE-2022-3256.patch: Copy the mark before editing
another buffer
- debian/patches/CVE-2022-3297.patch: Make a copy of the option. Make
sure cursor position is valid
- debian/patches/CVE-2022-3352.patch: Disallow deleting the current
buffer to avoid using freed memory
- debian/patches/CVE-2022-3591.patch: Disallow navigating to a dummy
buffer
- debian/patches/CVE-2022-3705.patch: Set the quickfix-busy flag while
filling the buffer
- debian/patches/CVE-2022-4292.patch: Bail out if the window no longer
exists.
- CVE-2022-3235
- CVE-2022-3256
- CVE-2022-3297
- CVE-2022-3352
- CVE-2022-3591
- CVE-2022-3705
- CVE-2022-4292
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2022-3278.patch: Don't get a next line when
skipping over NL
- CVE-2022-3278
* SECURITY UPDATE: stack-based buffer overflow
- debian/patches/CVE-2022-3324.patch: Make sure the window width does
not become negative
- CVE-2022-3324
* SECURITY UPDATE: incorrect floating point comparison
- debian/patches/CVE-2022-4293.patch: fix floating point comparison
- CVE-2022-4293
* debian/patches/fix_flaky_tests.patch: fix some flaky tests
Date: 2023-10-06 12:45:09.003259+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.12
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list