| Summary: | <app-editors/vim-9.0.0399: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | vim |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 | | |
| Whiteboard: | B3 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 884399 | | |
| Bug Blocks: | | | |

Description
John Helmert III
2022-07-26 01:45:59 UTC
CVE-2022-2819 (https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59): https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0210.

CVE-2022-2816 (https://github.com/vim/vim/commit/dbdd16b62560413abcc3c8e893cc3010ccf31666): https://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0211.

CVE-2022-2817 (https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20): https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f
Use After Free in GitHub repository vim/vim prior to 9.0.0212.

CVE-2022-2845 (https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445): https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c
Buffer Over-read in GitHub repository vim/vim prior to 9.0.0217.

I've just noticed that the versions in all of these descriptions are off by one. So, CVE-2022-2845 affects vim prior to 9.0.0218 (because the patch fixing it is 9.0.0218), and so on.

CVE-2022-2862 (https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765): https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494
Use After Free in GitHub repository vim/vim prior to 9.0.0220.

CVE-2022-2849 (https://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e): https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0219.

Both off by one, as with the others.

CVE-2022-2874 (https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79): https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0223.

Fix is actually in 9.0.0224.

CVE-2022-2889 (https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa): https://github.com/vim/vim/commit/91c7cbfe31bbef57d5fcf7d76989fc159f73ef15
Use After Free in GitHub repository vim/vim prior to 9.0.0225.

CVE-2022-2923 (https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2): https://github.com/vim/vim/commit/6669de1b235843968e88844ca6d3c8dec4b01a9e
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0239.

This one is wrong again. Fix is in 9.0.0240.

CVE-2022-2946 (https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5): https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c
Use After Free in GitHub repository vim/vim prior to 9.0.0245.

Fixed in 9.0.0246 despite description.

CVE-2022-2982 (https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be):
Use After Free in GitHub repository vim/vim prior to 9.0.0260.

CVE-2022-2980 (https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea):
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.

These ones are correct again.

CVE-2022-3016 (https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371):
Use After Free in GitHub repository vim/vim prior to 9.0.0285.

The patch is in 9.0.0286: https://github.com/vim/vim/commit/6d24a51b94beb1991cddce221f90b455e2d50db7

CVE-2022-3099 (https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e): https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c
Use After Free in GitHub repository vim/vim prior to 9.0.0359.

The patch is actually 9.0.0360, of course.

CVE-2022-3134 (https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc):
Use After Free in GitHub repository vim/vim prior to 9.0.0388.

Patch is in 9.0.0389: https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24244d69a69f9fbc917a7f473b164039ad76aba1

commit 24244d69a69f9fbc917a7f473b164039ad76aba1
Author: Wolfgang E. Sanyer <ezzieyguywuf@gmail.com>
AuthorDate: 2022-09-03 03:26:53 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-10-04 13:26:43 +0000

app-editors/gvim: bump to 9.0.399

Bug: https://bugs.gentoo.org/861092
Closes: https://github.com/gentoo/gentoo/pull/27121
Signed-off-by: Wolfgang E. Sanyer <ezzieyguywuf@gmail.com>
Signed-off-by: Sam James <sam@gentoo.org>

app-editors/gvim/Manifest | 1 +
app-editors/gvim/gvim-9.0.0399.ebuild | 361 ++++++++++++++++++++++++++++++++++
2 files changed, 362 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e48fb8ff80481917818107c3ec994539d309a931

commit e48fb8ff80481917818107c3ec994539d309a931
Author: Wolfgang E. Sanyer <ezzieyguywuf@gmail.com>
AuthorDate: 2022-09-03 03:24:01 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-10-04 13:26:40 +0000

app-editors/vim: bump to 9.0.0399

Bug: https://bugs.gentoo.org/861092
Signed-off-by: Wolfgang E. Sanyer <ezzieyguywuf@gmail.com>
Signed-off-by: Sam James <sam@gentoo.org>

app-editors/vim/Manifest | 1 +
app-editors/vim/vim-9.0.0399.ebuild | 357 ++++++++++++++++++++++++++++++++++++
2 files changed, 358 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d548d334dd7d5e4906ecb26c5bfe949b49ff956

commit 6d548d334dd7d5e4906ecb26c5bfe949b49ff956
Author: Wolfgang E. Sanyer <ezzieyguywuf@gmail.com>
AuthorDate: 2022-09-03 03:19:33 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-10-04 13:26:36 +0000

app-editors/vim-core: bump to 9.0.0399

Also moved gentoo-syntax dependency to app-editors/{,g}vim so that this package doesn't pull in vim

Bug: https://bugs.gentoo.org/861092
Signed-off-by: Wolfgang E. Sanyer <ezzieyguywuf@gmail.com>
Signed-off-by: Sam James <sam@gentoo.org>

app-editors/vim-core/Manifest | 1 +
app-editors/vim-core/vim-core-9.0.0399.ebuild | 230 ++++++++++++++++++++++++++
2 files changed, 231 insertions(+)

CVE-2022-47024 (https://github.com/vim/vim/commit/a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19):
A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=57791e0ecfc392428cba8ab5152bafbd79e57d46

commit 57791e0ecfc392428cba8ab5152bafbd79e57d46
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:03:57 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:28 +0000

[ GLSA 202305-16 ] Vim, gVim: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/851231
Bug: https://bugs.gentoo.org/861092
Bug: https://bugs.gentoo.org/869359
Bug: https://bugs.gentoo.org/879257
Bug: https://bugs.gentoo.org/883681
Bug: https://bugs.gentoo.org/889730
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>

glsa-202305-16.xml | 155 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 155 insertions(+)