Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 906109 (CVE-2023-2609, CVE-2023-2610)

Summary: <app-editors/vim-9.0.1627: multiple "vulnerabilities"
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: ajak, gentoo, proxy-maint, vim, xxc3ncoredxx
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/31541
https://github.com/gentoo/gentoo/pull/32190
https://github.com/gentoo/gentoo/pull/32216
Whiteboard: B4 [noglsa cleanup]
Package list:
Runtime testing required: ---
Bug Depends on: 913535    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-11 04:26:19 UTC
CVE-2023-2609 (https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad):

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.

CVE-2023-2610 (https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a):

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.
Comment 1 Larry the Git Cow gentoo-dev 2023-06-21 07:04:20 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66156cb8007a8ee705a6a425693478753b33b86d

commit 66156cb8007a8ee705a6a425693478753b33b86d
Author:     Oskari Pirhonen <xxc3ncoredxx@gmail.com>
AuthorDate: 2023-06-19 04:37:36 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-06-21 07:03:43 +0000

    app-editors/vim-core: add 9.0.1627
    
    Bug: https://bugs.gentoo.org/906109
    Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/31541
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-editors/vim-core/Manifest                 |   1 +
 app-editors/vim-core/vim-core-9.0.1627.ebuild | 231 ++++++++++++++++++++++++++
 2 files changed, 232 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=819cc012cafbc98a5ae68c8cb88b52d51967fd0a

commit 819cc012cafbc98a5ae68c8cb88b52d51967fd0a
Author:     Oskari Pirhonen <xxc3ncoredxx@gmail.com>
AuthorDate: 2023-06-19 04:31:19 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-06-21 07:03:42 +0000

    app-editors/vim: add 9.0.1627
    
    Also drops the nonexistent blocker on vim-core 8.
    
    Bug: https://bugs.gentoo.org/906109
    Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-editors/vim/Manifest            |   1 +
 app-editors/vim/vim-9.0.1627.ebuild | 370 ++++++++++++++++++++++++++++++++++++
 2 files changed, 371 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65db5add7f6c8eafe99088836584194377ac6969

commit 65db5add7f6c8eafe99088836584194377ac6969
Author:     Oskari Pirhonen <xxc3ncoredxx@gmail.com>
AuthorDate: 2023-06-19 04:21:07 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-06-21 07:03:42 +0000

    app-editors/gvim: add 9.0.1627
    
    Bug: https://bugs.gentoo.org/906109
    Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-editors/gvim/Manifest             |   1 +
 app-editors/gvim/gvim-9.0.1627.ebuild | 360 ++++++++++++++++++++++++++++++++++
 2 files changed, 361 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-22 04:32:21 UTC
Thanks! Please stabiliize when ready
Comment 3 Larry the Git Cow gentoo-dev 2023-08-07 05:43:07 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86deb4b86045532504c8ae85a9e5d67d8d6629df

commit 86deb4b86045532504c8ae85a9e5d67d8d6629df
Author:     Oskari Pirhonen <xxc3ncoredxx@gmail.com>
AuthorDate: 2023-08-06 03:09:52 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-08-07 05:35:19 +0000

    app-editors/vim-core: add 9.0.1677
    
    RIP Bram Moolenaar ;(
    
    Bug: https://bugs.gentoo.org/906109
    Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/32190
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim-core/Manifest                 |   1 +
 app-editors/vim-core/vim-core-9.0.1677.ebuild | 231 ++++++++++++++++++++++++++
 2 files changed, 232 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a91de01ec6ffd94dfd502291fe21c7bb76812c38

commit a91de01ec6ffd94dfd502291fe21c7bb76812c38
Author:     Oskari Pirhonen <xxc3ncoredxx@gmail.com>
AuthorDate: 2023-08-06 03:08:41 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-08-07 05:35:19 +0000

    app-editors/vim: add 9.0.1677
    
    RIP Bram Moolenaar ;(
    
    Bug: https://bugs.gentoo.org/906109
    Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/Manifest            |   1 +
 app-editors/vim/vim-9.0.1677.ebuild | 370 ++++++++++++++++++++++++++++++++++++
 2 files changed, 371 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a37524271579a6d6692ef1ce73f307569feb6dd

commit 7a37524271579a6d6692ef1ce73f307569feb6dd
Author:     Oskari Pirhonen <xxc3ncoredxx@gmail.com>
AuthorDate: 2023-08-06 03:06:29 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-08-07 05:35:19 +0000

    app-editors/gvim: add 9.0.1677
    
    RIP Bram Moolenaar ;(
    
    Bug: https://bugs.gentoo.org/906109
    Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/gvim/Manifest             |   1 +
 app-editors/gvim/gvim-9.0.1677.ebuild | 360 ++++++++++++++++++++++++++++++++++
 2 files changed, 361 insertions(+)
Comment 4 Larry the Git Cow gentoo-dev 2023-08-08 03:56:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36dc2b97608e67d18b631adf7e5deeb3f5dee1dd

commit 36dc2b97608e67d18b631adf7e5deeb3f5dee1dd
Author:     Oskari Pirhonen <xxc3ncoredxx@gmail.com>
AuthorDate: 2023-08-08 03:21:47 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-08-08 03:51:52 +0000

    app-editors/vim-core: add 9.0.1678, drop 9.0.1677
    
    Bram's final patch...
    
    Bug: https://bugs.gentoo.org/906109
    Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/32216
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim-core/Manifest                                           | 2 +-
 .../vim-core/{vim-core-9.0.1677.ebuild => vim-core-9.0.1678.ebuild}     | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ccd792d6ae66ad95f8f3a91d14b2990ad5b81ec

commit 9ccd792d6ae66ad95f8f3a91d14b2990ad5b81ec
Author:     Oskari Pirhonen <xxc3ncoredxx@gmail.com>
AuthorDate: 2023-08-08 03:20:10 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-08-08 03:51:52 +0000

    app-editors/vim: add 9.0.1678, drop 9.0.1677
    
    Bram's final patch...
    
    Bug: https://bugs.gentoo.org/906109
    Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/Manifest                                     | 2 +-
 app-editors/vim/{vim-9.0.1677.ebuild => vim-9.0.1678.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aeb7ee49339684b450abef87a4dc79dab58a0420

commit aeb7ee49339684b450abef87a4dc79dab58a0420
Author:     Oskari Pirhonen <xxc3ncoredxx@gmail.com>
AuthorDate: 2023-08-08 03:17:50 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-08-08 03:51:52 +0000

    app-editors/gvim: add 9.0.1678, drop 9.0.1677
    
    Bram's final patch...
    
    Bug: https://bugs.gentoo.org/906109
    Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/gvim/Manifest                                       | 2 +-
 app-editors/gvim/{gvim-9.0.1677.ebuild => gvim-9.0.1678.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)