Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 828583 (CVE-2021-4069)

Summary: <app-editors/{gvim,vim,vim-core}-8.2.3741: use after free
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: vim
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9
Whiteboard: B3 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 829396    
Bug Blocks: 824930    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-08 20:26:40 UTC
CVE-2021-4069:

vim is vulnerable to Use After Free


Needs bump to 8.2.3741.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-12-16 10:47:43 UTC
I didn't notice the wrong Bug tag!

https://github.com/gentoo/gentoo/commit/f2b69d0f2b4bf2dfbfa929e7800093b9bf84f1b6 And friends bumped this. Am on mobile though. Will update rest of bug metadata later
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-16 17:14:27 UTC
Please stabilize when ready.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 05:31:57 UTC
GLSA request filed
Comment 4 Larry the Git Cow gentoo-dev 2022-08-21 02:09:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=2cee523fe648754bae0e4ed2a531da672ac5fa15

commit 2cee523fe648754bae0e4ed2a531da672ac5fa15
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-21 01:33:31 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-21 01:40:46 +0000

    [ GLSA 202208-32 ] Vim, gVim: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/811870
    Bug: https://bugs.gentoo.org/818562
    Bug: https://bugs.gentoo.org/819528
    Bug: https://bugs.gentoo.org/823473
    Bug: https://bugs.gentoo.org/824930
    Bug: https://bugs.gentoo.org/828583
    Bug: https://bugs.gentoo.org/829658
    Bug: https://bugs.gentoo.org/830106
    Bug: https://bugs.gentoo.org/830994
    Bug: https://bugs.gentoo.org/833572
    Bug: https://bugs.gentoo.org/836432
    Bug: https://bugs.gentoo.org/851231
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-32.xml | 168 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 168 insertions(+)
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-21 02:16:31 UTC
GLSA released, all done!