Summary: | <app-editors/vim-9.0.0828 <app-editors/gvim-9.0.0828 <app-editors/vim-core-9.0.0828: Use-after-free in autocmd handler | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Vaibhav Rustagi <vaibhavrustagi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | vim |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/28119 | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 884399 | ||
Bug Blocks: |
Description
Vaibhav Rustagi
2022-11-03 06:06:39 UTC
Thanks for the report! (re summary, no big deal, but we use < in summary for when there's a fixed version in Gentoo).

PR for fixing the bug: https://github.com/gentoo/gentoo/pull/28119

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36462479387f861b11874aac02e9208992193462

commit 36462479387f861b11874aac02e9208992193462
Author: Vaibhav Rustagi <vaibhavrustagi@google.com>
AuthorDate: 2022-11-03 06:13:31 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-11-03 06:32:00 +0000

    app-editors/gvim: version bump to v9.0.0828.

    This is needed to resolve CVE-2022-3705.

    Bug: https://bugs.gentoo.org/879257
    Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
    Closes: https://github.com/gentoo/gentoo/pull/28119
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/gvim/Manifest | 1 +
 app-editors/gvim/gvim-9.0.0828.ebuild | 365 ++++++++++++++++++++++++++++++++++
 2 files changed, 366 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83d6d09cb4e95233dd64ac35c65a42d47074fc2e

commit 83d6d09cb4e95233dd64ac35c65a42d47074fc2e
Author: Vaibhav Rustagi <vaibhavrustagi@google.com>
AuthorDate: 2022-11-03 06:09:36 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-11-03 06:32:00 +0000

    app-editors/vim-core: version bump to v9.0.0828.

    This is needed to resolve CVE-2022-3705.

    Bug: https://bugs.gentoo.org/879257
    Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim-core/Manifest | 1 +
 app-editors/vim-core/vim-core-9.0.0828.ebuild | 230 ++++++++++++++++++++++++++
 2 files changed, 231 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b971c48e8bae5f61643351aa483b6f6d10467fb4

commit b971c48e8bae5f61643351aa483b6f6d10467fb4
Author: Vaibhav Rustagi <vaibhavrustagi@google.com>
AuthorDate: 2022-11-03 05:56:01 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-11-03 06:32:00 +0000

    app-editors/vim: version bump to v9.0.0828.

    This is needed to resolve CVE-2022-3705.

    Bug: https://bugs.gentoo.org/879257
    Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/Manifest | 1 +
 app-editors/vim/vim-9.0.0828-r1.ebuild | 371 +++++++++++++++++++++++++++++++++
 2 files changed, 372 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a7abe409847e485c54174bd47135b4be324de92

commit 9a7abe409847e485c54174bd47135b4be324de92
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-11-03 06:35:38 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-11-03 06:35:38 +0000

    app-editors/vim: drop unnecessary revision for 9.0.0828

    Bug: https://bugs.gentoo.org/879257
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/{vim-9.0.0828-r1.ebuild => vim-9.0.0828.ebuild} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=57791e0ecfc392428cba8ab5152bafbd79e57d46

commit 57791e0ecfc392428cba8ab5152bafbd79e57d46
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:03:57 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:28 +0000

    [ GLSA 202305-16 ] Vim, gVim: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/851231
    Bug: https://bugs.gentoo.org/861092
    Bug: https://bugs.gentoo.org/869359
    Bug: https://bugs.gentoo.org/879257
    Bug: https://bugs.gentoo.org/883681
    Bug: https://bugs.gentoo.org/889730
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-16.xml | 155 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 155 insertions(+)