Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 833572 (CVE-2022-0629, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943) - <app-editors/vim-8.2.4586: multiple vulnerabilities
Summary: <app-editors/vim-8.2.4586: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-0629, CVE-2022-0685, CVE-2022-0714, CVE-2022-0729, CVE-2022-0943
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/vim/vim/commit/34f...
Whiteboard: B3 [glsa+]
Keywords: PullRequest
Depends on: 849338
Blocks:
  Show dependency tree
 
Reported: 2022-02-17 21:29 UTC by John Helmert III
Modified: 2022-08-21 02:16 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-17 21:29:40 UTC
CVE-2022-0629:

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Fix in 8.2.4397.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-20 17:06:39 UTC
CVE-2022-0685 (https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87):

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-23 15:58:49 UTC
CVE-2022-0729 (https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea):

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.

CVE-2022-0714 (https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-15 15:21:48 UTC
CVE-2022-0943 (https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3):

Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
Comment 4 Larry the Git Cow gentoo-dev 2022-03-21 23:42:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2e29157e8acb1c2750139326314e527ee0235774

commit 2e29157e8acb1c2750139326314e527ee0235774
Author:     Meena Shanmugam <meenashanmugam@google.com>
AuthorDate: 2022-03-17 21:54:47 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-21 23:38:48 +0000

    app-editors/gvim: version bump to v8.2.4586.
    
    This is needed to resolve CVE-2022-0714, CVE-2022-0696, CVE-2022-0685,
    CVE-2022-0729, CVE-2022-0572 and CVE-2022-0629.
    
    Bug: https://bugs.gentoo.org/833572
    Signed-off-by: Meena Shanmugam <meenashanmugam@google.com>
    Closes: https://github.com/gentoo/gentoo/pull/24629
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/gvim/Manifest             |   1 +
 app-editors/gvim/gvim-8.2.4586.ebuild | 383 ++++++++++++++++++++++++++++++++++
 2 files changed, 384 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=601495240b55ed1730c209da20689b84145b7d55

commit 601495240b55ed1730c209da20689b84145b7d55
Author:     Meena Shanmugam <meenashanmugam@google.com>
AuthorDate: 2022-03-17 21:48:50 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-21 23:38:46 +0000

    app-editors/vim-core: version bump to v8.2.4586.
    
    This is needed to resolve CVE-2022-0714, CVE-2022-0696, CVE-2022-0685,
    CVE-2022-0729, CVE-2022-0572 and CVE-2022-0629.
    
    Bug: https://bugs.gentoo.org/833572
    Signed-off-by: Meena Shanmugam <meenashanmugam@google.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim-core/Manifest                 |   1 +
 app-editors/vim-core/vim-core-8.2.4586.ebuild | 231 ++++++++++++++++++++++++++
 2 files changed, 232 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1be9c7bdc9ceb697535cebdf94536f36779d3fa8

commit 1be9c7bdc9ceb697535cebdf94536f36779d3fa8
Author:     Meena Shanmugam <meenashanmugam@google.com>
AuthorDate: 2022-03-17 21:36:20 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-21 23:38:44 +0000

    app-editors/vim: version bump to v8.2.4586.
    
    This is needed to resolve CVE-2022-0714, CVE-2022-0696, CVE-2022-0685,
    CVE-2022-0729, CVE-2022-0572 and CVE-2022-0629.
    
    Bug: https://bugs.gentoo.org/833572
    Signed-off-by: Meena Shanmugam <meenashanmugam@google.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/Manifest            |   1 +
 app-editors/vim/vim-8.2.4586.ebuild | 350 ++++++++++++++++++++++++++++++++++++
 2 files changed, 351 insertions(+)
Comment 5 Larry the Git Cow gentoo-dev 2022-06-26 19:37:58 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a43cf558989922caf611410f0e381b22480ceeba

commit a43cf558989922caf611410f0e381b22480ceeba
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-06-26 19:33:23 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-06-26 19:37:34 +0000

    app-editors/vim: Drop old versions
    
    Bug: https://bugs.gentoo.org/833572
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 app-editors/vim/Manifest               |   1 -
 app-editors/vim/vim-8.2.4328-r1.ebuild | 350 ---------------------------------
 2 files changed, 351 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd7f1c1443c3218ac445dc15abe99a152d387b29

commit dd7f1c1443c3218ac445dc15abe99a152d387b29
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2022-06-26 19:33:22 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-06-26 19:37:30 +0000

    app-editors/vim-core: Drop old versions
    
    Bug: https://bugs.gentoo.org/833572
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 app-editors/vim-core/Manifest                    |   1 -
 app-editors/vim-core/vim-core-8.2.4328-r1.ebuild | 231 -----------------------
 2 files changed, 232 deletions(-)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 05:32:01 UTC
GLSA request filed
Comment 7 Larry the Git Cow gentoo-dev 2022-08-21 02:09:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=2cee523fe648754bae0e4ed2a531da672ac5fa15

commit 2cee523fe648754bae0e4ed2a531da672ac5fa15
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-21 01:33:31 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-21 01:40:46 +0000

    [ GLSA 202208-32 ] Vim, gVim: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/811870
    Bug: https://bugs.gentoo.org/818562
    Bug: https://bugs.gentoo.org/819528
    Bug: https://bugs.gentoo.org/823473
    Bug: https://bugs.gentoo.org/824930
    Bug: https://bugs.gentoo.org/828583
    Bug: https://bugs.gentoo.org/829658
    Bug: https://bugs.gentoo.org/830106
    Bug: https://bugs.gentoo.org/830994
    Bug: https://bugs.gentoo.org/833572
    Bug: https://bugs.gentoo.org/836432
    Bug: https://bugs.gentoo.org/851231
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-32.xml | 168 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 168 insertions(+)
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-21 02:16:57 UTC
GLSA released, all done!