CVE-2023-1127: Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. CVE-2023-1175: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. CVE-2023-1170: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. Updating the version to latest tag in vim repository will resolve the vulnerabilities. Will soon send a PR for this.
PR with the version bump: https://github.com/gentoo/gentoo/pull/30126
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=343a6915ac7d7f3ea023356f1af72d85e7db4f5a commit 343a6915ac7d7f3ea023356f1af72d85e7db4f5a Author: Vaibhav Rustagi <vaibhavrustagi@google.com> AuthorDate: 2023-03-14 16:35:52 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-03-22 01:18:26 +0000 app-editors/gvim: version bump to v9.0.1403. This resolves CVE-2023-1127, CVE-2023-1175 and CVE-2023-1170. Bug: https://bugs.gentoo.org/901229 Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com> Closes: https://github.com/gentoo/gentoo/pull/30126 Signed-off-by: Sam James <sam@gentoo.org> app-editors/gvim/Manifest | 1 + app-editors/gvim/gvim-9.0.1403.ebuild | 378 ++++++++++++++++++++++++++++++++++ 2 files changed, 379 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b71e739479c33bcb561b6305f0d2df8f3f7ab480 commit b71e739479c33bcb561b6305f0d2df8f3f7ab480 Author: Vaibhav Rustagi <vaibhavrustagi@google.com> AuthorDate: 2023-03-14 16:33:04 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-03-22 01:18:25 +0000 app-editors/vim-core: version bump to v9.0.1403. This resolves CVE-2023-1127, CVE-2023-1175 and CVE-2023-1170. Bug: https://bugs.gentoo.org/901229 Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com> Signed-off-by: Sam James <sam@gentoo.org> app-editors/vim-core/Manifest | 1 + app-editors/vim-core/vim-core-9.0.1403.ebuild | 241 ++++++++++++++++++++++++++ 2 files changed, 242 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38ad187c29e86a5f6dffb2a717d8f11af07b78cd commit 38ad187c29e86a5f6dffb2a717d8f11af07b78cd Author: Vaibhav Rustagi <vaibhavrustagi@google.com> AuthorDate: 2023-03-14 16:29:53 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-03-22 01:18:25 +0000 app-editors/vim: version bump to v9.0.1403. This is needed to resolve CVE-2023-1127, CVE-2023-1175 and CVE-2023-1170. Bug: https://bugs.gentoo.org/901229 Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com> Signed-off-by: Sam James <sam@gentoo.org> app-editors/vim/Manifest | 1 + app-editors/vim/vim-9.0.1403.ebuild | 382 ++++++++++++++++++++++++++++++++++++ 2 files changed, 383 insertions(+)
CVE-2023-1355 (https://github.com/vim/vim/commit/d13dd30240e32071210f55b587182ff48757ea46): NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. CVE-2023-1264 (https://github.com/vim/vim/commit/7ac5023a5f1a37baafbe1043645f97ba3443d9f6): NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. CVE-2023-1175 (https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba): Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. CVE-2023-1170 (https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c): Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. CVE-2023-1127 (https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c): Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. CVE-2023-0512 (https://github.com/vim/vim/commit/870219c58c0804bdc55419b2e455c06ac715a835): Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6495efe9d7ce182d8d815c9da1afedfb2484782a commit 6495efe9d7ce182d8d815c9da1afedfb2484782a Author: Oskari Pirhonen <xxc3ncoredxx@gmail.com> AuthorDate: 2023-06-05 03:08:44 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-06-09 03:40:32 +0000 app-editors/vim-core: drop 9.0.1157 Bug: https://bugs.gentoo.org/890746 Bug: https://bugs.gentoo.org/901229 Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/31311 Signed-off-by: John Helmert III <ajak@gentoo.org> app-editors/vim-core/Manifest | 1 - app-editors/vim-core/vim-core-9.0.1157.ebuild | 231 -------------------------- 2 files changed, 232 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2906762a0e6856e9dda44e15fb3117fd05847778 commit 2906762a0e6856e9dda44e15fb3117fd05847778 Author: Oskari Pirhonen <xxc3ncoredxx@gmail.com> AuthorDate: 2023-06-05 03:07:10 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-06-09 03:40:31 +0000 app-editors/vim: drop 9.0.1157 Bug: https://bugs.gentoo.org/890746 Bug: https://bugs.gentoo.org/901229 Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com> Signed-off-by: John Helmert III <ajak@gentoo.org> app-editors/vim/Manifest | 1 - app-editors/vim/vim-9.0.1157.ebuild | 371 ------------------------------------ 2 files changed, 372 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9cdc7acfab3a8a8c690fac439ada0abbb94705b5 commit 9cdc7acfab3a8a8c690fac439ada0abbb94705b5 Author: Oskari Pirhonen <xxc3ncoredxx@gmail.com> AuthorDate: 2023-06-05 03:04:08 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-06-09 03:40:29 +0000 app-editors/gvim: drop 9.0.1157 Bug: https://bugs.gentoo.org/890746 Bug: https://bugs.gentoo.org/901229 Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com> Signed-off-by: John Helmert III <ajak@gentoo.org> app-editors/gvim/Manifest | 1 - app-editors/gvim/gvim-9.0.1157.ebuild | 359 ---------------------------------- 2 files changed, 360 deletions(-)
Just huntr.dev bugs, all done!
