[ubuntu/mantic-security] vim 2:9.0.1672-1ubuntu2.1 (Accepted)

Fabian Toepfer fabian.toepfer at canonical.com
Wed Oct 25 16:13:20 UTC 2023


vim (2:9.0.1672-1ubuntu2.1) mantic-security; urgency=medium

  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-4733.patch: Verify oldwin pointer after
      reset_VIsual() in do_ecmd.
    - CVE-2023-4733
  * SECURITY UPDATE: integer overflow vulnerability
    - debian/patches/CVE-2023-4734.patch: Check for typeval correctly in
      f_fullcommand.
    - CVE-2023-4734
  * SECURITY UPDATE: out of bounds write vulnerability
    - debian/patches/CVE-2023-4735.patch: Add check for buffer size to avoid
      overflow in do_addsub.
    - CVE-2023-4735
  * SECURITY UPDATE: buffer overflow vulnerability
    - debian/patches/CVE-2023-4738.patch: Check remaining space in
      vim_regsub_both.
    - CVE-2023-4738
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-4750.patch: Check buffer is valid before
      accessing it.
    - CVE-2023-4750
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-4752.patch: validate buffer before accessing it
      in ins_compl_get_exp.
    - CVE-2023-4752
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2023-4781.patch: Disallow exchanging windows when
      textlock is active in vim_regsub_both.
    - CVE-2023-4781
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2023-5344.patch: Add NULL at end of buffer in
      trunc_string.
    - CVE-2023-5344
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-5441.patch: skip gui_scroll when exmode_active
      in gui_do_scroll.
    - CVE-2023-5441
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-5535.patch: block autocommands in
      buf_contents_changed.
    - CVE-2023-5535

Date: 2023-10-17 19:20:09.828782+00:00
Changed-By: Fabian Toepfer <fabian.toepfer at canonical.com>
https://launchpad.net/ubuntu/+source/vim/2:9.0.1672-1ubuntu2.1