Summary: | app-editors/vim: invalid free (CVE-2017-11109) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED OBSOLETE | ||
Severity: | minor | CC: | vim |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [upstream cve] | ||
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2017-07-12 07:33:03 UTC
Hi

Looking at the Debian changelog, this bug has been fixed for Vim versions greater than 8.0.070x [1]. The latest version available in our repository is 8.0.1188. Should I call for stabilisation of this version here? Thanks!

[1]: https://anonscm.debian.org/cgit/pkg-vim/vim.git/commit/?id=ad7fc02

(In reply to Patrice Clement from comment #1)
> Hi
>
> Looking at the Debian changelog, this bug has been fixed for Vim versions
> greater than 8.0.070x [1]. The latest version available in our repository is
> 8.0.1188. Should I call for stabilisation of this version here? Thanks!
>
> [1]: https://anonscm.debian.org/cgit/pkg-vim/vim.git/commit/?id=ad7fc02

Patrice,

I apologize for the delay. Yes, you would call for stable here. Debian backported that patch from upstream. As long as the patch is either included in Gentoo as a backported patch or the code changes are included in the respective upstream version then we can proceed.

Redhat has the bug locked still and I cannot find a diff of the changes.

Sec team,

The latest stable version of vim in the tree is 8.0.1298. As per comment https://bugs.gentoo.org/624650#c1, this CVE is no longer relevant. Please close this bug report.