
Bug 890746 (CVE-2023-0288, CVE-2023-0433)

Summary: <app-editors/vim-9.0.1403: huntr.dev input fuzzing bugs
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: proxy-maint, vim, xxc3ncoredxx
Priority: Normal
Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/31311
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 901229, 904728    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-13 20:49:50 UTC
CVE-2023-0288 (https://huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3):
https://github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-22 23:33:07 UTC
CVE-2023-0433 (https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e):

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
Comment 2 Larry the Git Cow gentoo-dev 2023-06-09 03:40:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6495efe9d7ce182d8d815c9da1afedfb2484782a

commit 6495efe9d7ce182d8d815c9da1afedfb2484782a
Author:     Oskari Pirhonen <xxc3ncoredxx@gmail.com>
AuthorDate: 2023-06-05 03:08:44 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-06-09 03:40:32 +0000

    app-editors/vim-core: drop 9.0.1157
    
    Bug: https://bugs.gentoo.org/890746
    Bug: https://bugs.gentoo.org/901229
    Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/31311
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 app-editors/vim-core/Manifest                 |   1 -
 app-editors/vim-core/vim-core-9.0.1157.ebuild | 231 --------------------------
 2 files changed, 232 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2906762a0e6856e9dda44e15fb3117fd05847778

commit 2906762a0e6856e9dda44e15fb3117fd05847778
Author:     Oskari Pirhonen <xxc3ncoredxx@gmail.com>
AuthorDate: 2023-06-05 03:07:10 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-06-09 03:40:31 +0000

    app-editors/vim: drop 9.0.1157
    
    Bug: https://bugs.gentoo.org/890746
    Bug: https://bugs.gentoo.org/901229
    Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 app-editors/vim/Manifest            |   1 -
 app-editors/vim/vim-9.0.1157.ebuild | 371 ------------------------------------
 2 files changed, 372 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9cdc7acfab3a8a8c690fac439ada0abbb94705b5

commit 9cdc7acfab3a8a8c690fac439ada0abbb94705b5
Author:     Oskari Pirhonen <xxc3ncoredxx@gmail.com>
AuthorDate: 2023-06-05 03:04:08 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-06-09 03:40:29 +0000

    app-editors/gvim: drop 9.0.1157
    
    Bug: https://bugs.gentoo.org/890746
    Bug: https://bugs.gentoo.org/901229
    Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 app-editors/gvim/Manifest             |   1 -
 app-editors/gvim/gvim-9.0.1157.ebuild | 359 ----------------------------------
 2 files changed, 360 deletions(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-09 03:41:38 UTC
Thanks! Just huntr.dev bugs, all done.