CVE-2022-3153 (https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a): NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
Patch is indeed 9.0.0404! https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de
Starting a new bug since it looks like these won't be stopping, and a PR is in progress to fix the other one.
CVE-2022-3235 (https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af): https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0 Use After Free in GitHub repository vim/vim prior to 9.0.0490.
CVE-2022-3234 (https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da): https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
CVE-2022-3278 (https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612): https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
CVE-2022-3256 (https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3): https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad Use After Free in GitHub repository vim/vim prior to 9.0.0530.
CVE descriptions are correct.
CVE-2022-3296 (https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077): Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
CVE-2022-3297 (https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c): Use After Free in GitHub repository vim/vim prior to 9.0.0579.
CVE-2022-3324 (https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c): https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
CVE-2022-3352 (https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60): https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15 Use After Free in GitHub repository vim/vim prior to 9.0.0614.
CVE-2022-1725 (https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c): https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eebfa7a4cec15ae7748ef402bdd23a8792b1ba05
commit eebfa7a4cec15ae7748ef402bdd23a8792b1ba05
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-10-04 13:34:15 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-10-04 13:34:15 +0000

app-editors/vim: add 9.0.0655

Bug: https://bugs.gentoo.org/869359
Signed-off-by: Sam James <sam@gentoo.org>

app-editors/vim/Manifest | 1 +
app-editors/vim/vim-9.0.0655.ebuild | 370 ++++++++++++++++++++++++++++++++++++
2 files changed, 371 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=295851a71fabb9ffeb78c313b2eeaf506906a593
commit 295851a71fabb9ffeb78c313b2eeaf506906a593
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-10-04 13:33:24 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-10-04 13:33:24 +0000

app-editors/gvim: add 9.0.0655

Bug: https://bugs.gentoo.org/869359
Signed-off-by: Sam James <sam@gentoo.org>

app-editors/gvim/Manifest | 1 +
app-editors/gvim/gvim-9.0.0655.ebuild | 365 ++++++++++++++++++++++++++++++++++
2 files changed, 366 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8c9920ee622755bf6c61b1347a6883be5dd06c75
commit 8c9920ee622755bf6c61b1347a6883be5dd06c75
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-10-04 13:31:57 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-10-04 13:31:57 +0000

app-editors/vim-core: add 9.0.0655

Bug: https://bugs.gentoo.org/869359
Signed-off-by: Sam James <sam@gentoo.org>

app-editors/vim-core/Manifest | 1 +
app-editors/vim-core/vim-core-9.0.0655.ebuild | 230 ++++++++++++++++++++++++++
2 files changed, 231 insertions(+)
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=57791e0ecfc392428cba8ab5152bafbd79e57d46
commit 57791e0ecfc392428cba8ab5152bafbd79e57d46
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:03:57 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:05:28 +0000

[ GLSA 202305-16 ] Vim, gVim: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/851231
Bug: https://bugs.gentoo.org/861092
Bug: https://bugs.gentoo.org/869359
Bug: https://bugs.gentoo.org/879257
Bug: https://bugs.gentoo.org/883681
Bug: https://bugs.gentoo.org/889730
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>

glsa-202305-16.xml | 155 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 155 insertions(+)