CVE-2023-1127: Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. CVE-2023-1175: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. CVE-2023-1170: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. Updating the version to latest tag in vim repository will resolve the vulnerabilities. Will soon send a PR for this.
PR with the version bump: https://github.com/gentoo/gentoo/pull/30126
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=343a6915ac7d7f3ea023356f1af72d85e7db4f5a commit 343a6915ac7d7f3ea023356f1af72d85e7db4f5a Author: Vaibhav Rustagi <vaibhavrustagi@google.com> AuthorDate: 2023-03-14 16:35:52 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-03-22 01:18:26 +0000 app-editors/gvim: version bump to v9.0.1403. This resolves CVE-2023-1127, CVE-2023-1175 and CVE-2023-1170. Bug: https://bugs.gentoo.org/901229 Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com> Closes: https://github.com/gentoo/gentoo/pull/30126 Signed-off-by: Sam James <sam@gentoo.org> app-editors/gvim/Manifest | 1 + app-editors/gvim/gvim-9.0.1403.ebuild | 378 ++++++++++++++++++++++++++++++++++ 2 files changed, 379 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b71e739479c33bcb561b6305f0d2df8f3f7ab480 commit b71e739479c33bcb561b6305f0d2df8f3f7ab480 Author: Vaibhav Rustagi <vaibhavrustagi@google.com> AuthorDate: 2023-03-14 16:33:04 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-03-22 01:18:25 +0000 app-editors/vim-core: version bump to v9.0.1403. This resolves CVE-2023-1127, CVE-2023-1175 and CVE-2023-1170. Bug: https://bugs.gentoo.org/901229 Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com> Signed-off-by: Sam James <sam@gentoo.org> app-editors/vim-core/Manifest | 1 + app-editors/vim-core/vim-core-9.0.1403.ebuild | 241 ++++++++++++++++++++++++++ 2 files changed, 242 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38ad187c29e86a5f6dffb2a717d8f11af07b78cd commit 38ad187c29e86a5f6dffb2a717d8f11af07b78cd Author: Vaibhav Rustagi <vaibhavrustagi@google.com> AuthorDate: 2023-03-14 16:29:53 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-03-22 01:18:25 +0000 app-editors/vim: version bump to v9.0.1403. This is needed to resolve CVE-2023-1127, CVE-2023-1175 and CVE-2023-1170. Bug: https://bugs.gentoo.org/901229 Signed-off-by: Vaibhav Rustagi <vaibhavrustagi@google.com> Signed-off-by: Sam James <sam@gentoo.org> app-editors/vim/Manifest | 1 + app-editors/vim/vim-9.0.1403.ebuild | 382 ++++++++++++++++++++++++++++++++++++ 2 files changed, 383 insertions(+)
CVE-2023-1355 (https://github.com/vim/vim/commit/d13dd30240e32071210f55b587182ff48757ea46): NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. CVE-2023-1264 (https://github.com/vim/vim/commit/7ac5023a5f1a37baafbe1043645f97ba3443d9f6): NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. CVE-2023-1175 (https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba): Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. CVE-2023-1170 (https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c): Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. CVE-2023-1127 (https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c): Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. CVE-2023-0512 (https://github.com/vim/vim/commit/870219c58c0804bdc55419b2e455c06ac715a835): Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.
