[ubuntu/oracular-proposed] vim 2:9.1.0496-1ubuntu5 (Accepted)

Bruce Cable bruce.cable at canonical.com
Mon Sep 9 13:09:15 UTC 2024 

vim (2:9.1.0496-1ubuntu5) oracular; urgency=medium

  * SECURITY UPDATE: use after free
    - debian/patches/CVE-2024-41957.patch: set tagname to NULL
      after being freed
    - CVE-2024-41957
  * SECURITY UPDATE: double free
    - debian/patches/CVE-2024-41965.patch: check buffers are different
      before freeing
    - CVE-2024-41965
  * SECURITY UPDATE: use after free
    - debian/patches/CVE-2024-43374.patch: add lock to keep
      reference valid
    - CVE-2024-43374
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2024-43790.patch: set buffer length to length
      of msgbuf
    - CVE-2024-43790

Date: Thu, 05 Sep 2024 16:38:12 +1000
Changed-By: Bruce Cable <bruce.cable at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/vim/2:9.1.0496-1ubuntu5
-------------- next part --------------
Format: 1.8
Date: Thu, 05 Sep 2024 16:38:12 +1000
Source: vim
Built-For-Profiles: noudeb
Architecture: source
Version: 2:9.1.0496-1ubuntu5
Distribution: oracular
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Bruce Cable <bruce.cable at canonical.com>
Changes:
 vim (2:9.1.0496-1ubuntu5) oracular; urgency=medium
 .
   * SECURITY UPDATE: use after free
     - debian/patches/CVE-2024-41957.patch: set tagname to NULL
       after being freed
     - CVE-2024-41957
   * SECURITY UPDATE: double free
     - debian/patches/CVE-2024-41965.patch: check buffers are different
       before freeing
     - CVE-2024-41965
   * SECURITY UPDATE: use after free
     - debian/patches/CVE-2024-43374.patch: add lock to keep
       reference valid
     - CVE-2024-43374
   * SECURITY UPDATE: buffer overflow
     - debian/patches/CVE-2024-43790.patch: set buffer length to length
       of msgbuf
     - CVE-2024-43790
Checksums-Sha1:
 58f1279f7489731f29b4198ebe53dbeb8fee1034 2729 vim_9.1.0496-1ubuntu5.dsc
 a4c051017e5f2747f33b51129489d0e7113c761c 208088 vim_9.1.0496-1ubuntu5.debian.tar.xz
 4e14086744517cd90163001c525a914cd212bf5b 17409 vim_9.1.0496-1ubuntu5_source.buildinfo
Checksums-Sha256:
 e592b8ccda976664b5af6884401a881395c914c18a0a4d99bdcb26b397268f27 2729 vim_9.1.0496-1ubuntu5.dsc
 ed5a563a13f18368ffd82ce1887596b200a4397bdab4fc80be8b33a0a05a416b 208088 vim_9.1.0496-1ubuntu5.debian.tar.xz
 3115f0c8ab3fc686f95682ae0a4662d378eb349f3c231b343fcbb01a34115b02 17409 vim_9.1.0496-1ubuntu5_source.buildinfo
Files:
 7abb6b4199df879b599265bd582f9926 2729 editors optional vim_9.1.0496-1ubuntu5.dsc
 d8684465ceecbd79e56f797448f5637b 208088 editors optional vim_9.1.0496-1ubuntu5.debian.tar.xz
 e43679698722ef3701beb5aff3c2d28b 17409 editors optional vim_9.1.0496-1ubuntu5_source.buildinfo
Original-Maintainer: Debian Vim Maintainers <team+vim at tracker.debian.org>

More information about the oracular-changes mailing list