Summary: | <app-editors/vim-9.0.1403 <app-editors/vim-core-9.0.1403 <app-editors/gvim-9.0.1403: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Vaibhav Rustagi <vaibhavrustagi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | xxc3ncoredxx |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://github.com/gentoo/gentoo/pull/30126 https://github.com/gentoo/gentoo/pull/31311 |
||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 904728 | ||
Bug Blocks: | 890746 |
Description
Vaibhav Rustagi
2023-03-14 16:24:36 UTC
PR with the version bump: https://github.com/gentoo/gentoo/pull/30126 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=343a6915ac7d7f3ea023356f1af72d85e7db4f5a commit 343a6915ac7d7f3ea023356f1af72d85e7db4f5a Author: Vaibhav Rustagi <vaibhavrustagi@google.com> AuthorDate: 2023-03-14 16:35:52 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-03-22 01:18:26 +0000 app-editors/gvim: version bump to v9.0.1403. This resolves CVE-2023-1127, CVE-2023-1175 and CVE-2023-1170. Bug: https://bugs.gentoo.org/901229 Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com> Closes: https://github.com/gentoo/gentoo/pull/30126 Signed-off-by: Sam James <sam@gentoo.org> app-editors/gvim/Manifest | 1 + app-editors/gvim/gvim-9.0.1403.ebuild | 378 ++++++++++++++++++++++++++++++++++ 2 files changed, 379 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b71e739479c33bcb561b6305f0d2df8f3f7ab480 commit b71e739479c33bcb561b6305f0d2df8f3f7ab480 Author: Vaibhav Rustagi <vaibhavrustagi@google.com> AuthorDate: 2023-03-14 16:33:04 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-03-22 01:18:25 +0000 app-editors/vim-core: version bump to v9.0.1403. This resolves CVE-2023-1127, CVE-2023-1175 and CVE-2023-1170. Bug: https://bugs.gentoo.org/901229 Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com> Signed-off-by: Sam James <sam@gentoo.org> app-editors/vim-core/Manifest | 1 + app-editors/vim-core/vim-core-9.0.1403.ebuild | 241 ++++++++++++++++++++++++++ 2 files changed, 242 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38ad187c29e86a5f6dffb2a717d8f11af07b78cd commit 38ad187c29e86a5f6dffb2a717d8f11af07b78cd Author: Vaibhav Rustagi <vaibhavrustagi@google.com> AuthorDate: 2023-03-14 16:29:53 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-03-22 01:18:25 +0000 app-editors/vim: version bump to v9.0.1403. This is needed to resolve CVE-2023-1127, CVE-2023-1175 and CVE-2023-1170. Bug: https://bugs.gentoo.org/901229 Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com> Signed-off-by: Sam James <sam@gentoo.org> app-editors/vim/Manifest | 1 + app-editors/vim/vim-9.0.1403.ebuild | 382 ++++++++++++++++++++++++++++++++++++ 2 files changed, 383 insertions(+) CVE-2023-1355 (https://github.com/vim/vim/commit/d13dd30240e32071210f55b587182ff48757ea46): NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. CVE-2023-1264 (https://github.com/vim/vim/commit/7ac5023a5f1a37baafbe1043645f97ba3443d9f6): NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. CVE-2023-1175 (https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba): Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. CVE-2023-1170 (https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c): Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. CVE-2023-1127 (https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c): Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. CVE-2023-0512 (https://github.com/vim/vim/commit/870219c58c0804bdc55419b2e455c06ac715a835): Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6495efe9d7ce182d8d815c9da1afedfb2484782a commit 6495efe9d7ce182d8d815c9da1afedfb2484782a Author: Oskari Pirhonen <xxc3ncoredxx@gmail.com> AuthorDate: 2023-06-05 03:08:44 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-06-09 03:40:32 +0000 app-editors/vim-core: drop 9.0.1157 Bug: https://bugs.gentoo.org/890746 Bug: https://bugs.gentoo.org/901229 Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/31311 Signed-off-by: John Helmert III <ajak@gentoo.org> app-editors/vim-core/Manifest | 1 - app-editors/vim-core/vim-core-9.0.1157.ebuild | 231 -------------------------- 2 files changed, 232 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2906762a0e6856e9dda44e15fb3117fd05847778 commit 2906762a0e6856e9dda44e15fb3117fd05847778 Author: Oskari Pirhonen <xxc3ncoredxx@gmail.com> AuthorDate: 2023-06-05 03:07:10 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-06-09 03:40:31 +0000 app-editors/vim: drop 9.0.1157 Bug: https://bugs.gentoo.org/890746 Bug: https://bugs.gentoo.org/901229 Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com> Signed-off-by: John Helmert III <ajak@gentoo.org> app-editors/vim/Manifest | 1 - app-editors/vim/vim-9.0.1157.ebuild | 371 ------------------------------------ 2 files changed, 372 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9cdc7acfab3a8a8c690fac439ada0abbb94705b5 commit 9cdc7acfab3a8a8c690fac439ada0abbb94705b5 Author: Oskari Pirhonen <xxc3ncoredxx@gmail.com> AuthorDate: 2023-06-05 03:04:08 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-06-09 03:40:29 +0000 app-editors/gvim: drop 9.0.1157 Bug: https://bugs.gentoo.org/890746 Bug: https://bugs.gentoo.org/901229 Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com> Signed-off-by: John Helmert III <ajak@gentoo.org> app-editors/gvim/Manifest | 1 - app-editors/gvim/gvim-9.0.1157.ebuild | 359 ---------------------------------- 2 files changed, 360 deletions(-) Just huntr.dev bugs, all done! |