CVE-2021-3872: vim is vulnerable to Heap-based Buffer Overflow ... "if buffer name is very long" according to URL. Is this ever untrusted? Fix is in 8.2.3487 onward.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=232132d46b2087addb8f44c79eaf2561cce1927d

commit 232132d46b2087addb8f44c79eaf2561cce1927d
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-10-29 12:59:16 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-10-29 13:02:39 +0000

    app-editors/gvim: add 8.2.3567

    Bug: https://bugs.gentoo.org/820692
    Bug: https://bugs.gentoo.org/819528
    Bug: https://bugs.gentoo.org/818562
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/gvim/Manifest | 1 +
 app-editors/gvim/gvim-8.2.3567.ebuild | 383 ++++++++++++++++++++++++++++++++++
 app-editors/gvim/gvim-9999.ebuild | 17 +-
 3 files changed, 394 insertions(+), 7 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b32eb9c94042b14c041905bf8d4bc4d9a82a22c

commit 9b32eb9c94042b14c041905bf8d4bc4d9a82a22c
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-10-29 12:56:33 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-10-29 13:02:38 +0000

    app-editors/vim-core: add 8.2.3567

    Bug: https://bugs.gentoo.org/820692
    Bug: https://bugs.gentoo.org/819528
    Bug: https://bugs.gentoo.org/818562
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim-core/Manifest | 1 +
 app-editors/vim-core/vim-core-8.2.3567.ebuild | 227 ++++++++++++++++++++++++++
 app-editors/vim-core/vim-core-9999.ebuild | 12 +-
 3 files changed, 234 insertions(+), 6 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d89e304ab79ba5080d76cfc2e5013f1f4534c315

commit d89e304ab79ba5080d76cfc2e5013f1f4534c315
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-10-29 12:51:39 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-10-29 13:02:36 +0000

    app-editors/vim: add 8.2.3567

    Bug: https://bugs.gentoo.org/820692
    Bug: https://bugs.gentoo.org/819528
    Bug: https://bugs.gentoo.org/818562
    Signed-off-by: Sam James <sam@gentoo.org>

 app-editors/vim/Manifest | 1 +
 app-editors/vim/vim-8.2.3567.ebuild | 347 ++++++++++++++++++++++++++++++++++++
 app-editors/vim/vim-9999.ebuild | 32 ++--
 3 files changed, 365 insertions(+), 15 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=2cee523fe648754bae0e4ed2a531da672ac5fa15

commit 2cee523fe648754bae0e4ed2a531da672ac5fa15
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-21 01:33:31 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-21 01:40:46 +0000

    [ GLSA 202208-32 ] Vim, gVim: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/811870
    Bug: https://bugs.gentoo.org/818562
    Bug: https://bugs.gentoo.org/819528
    Bug: https://bugs.gentoo.org/823473
    Bug: https://bugs.gentoo.org/824930
    Bug: https://bugs.gentoo.org/828583
    Bug: https://bugs.gentoo.org/829658
    Bug: https://bugs.gentoo.org/830106
    Bug: https://bugs.gentoo.org/830994
    Bug: https://bugs.gentoo.org/833572
    Bug: https://bugs.gentoo.org/836432
    Bug: https://bugs.gentoo.org/851231
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-32.xml | 168 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 168 insertions(+)
GLSA released, all done!