Changelog
vim (2:9.0.1000-4ubuntu3.2) lunar-security; urgency=medium

  * SECURITY UPDATE: divide-by-zero vulnerability
    - debian/patches/CVE-2023-3896-pre.patch: Adjust logic for scrolling to
      avoid cursor moving to wrong line when 'foldmethod' is "diff".
    - debian/patches/CVE-2023-3896.patch: Add check for width to avoid
      division by zero in scroll_cursor_bot.
    - CVE-2023-3896
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-4733.patch: Verify oldwin pointer after
      reset_VIsual() in do_ecmd.
    - CVE-2023-4733
  * SECURITY UPDATE: integer overflow vulnerability
    - debian/patches/CVE-2023-4734.patch: Check for typeval correctly in
      f_fullcommand.
    - CVE-2023-4734
  * SECURITY UPDATE: out of bounds write vulnerability
    - debian/patches/CVE-2023-4735.patch: Add check for buffer size to avoid
      overflow in do_addsub.
    - CVE-2023-4735
  * SECURITY UPDATE: buffer overflow vulnerability
    - debian/patches/CVE-2023-4738.patch: Check remaining space in
      vim_regsub_both.
    - CVE-2023-4738
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-4750.patch: Check buffer is valid before
      accessing it.
    - CVE-2023-4750
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2023-4751.patch: Stop Visual mode when using :ball
      to avoid illegal memory access.
    - CVE-2023-4751
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-4752.patch: validate buffer before accessing it
      in ins_compl_get_exp.
    - CVE-2023-4752
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2023-4781.patch: Disallow exchanging windows when
      textlock is active in vim_regsub_both.
    - CVE-2023-4781
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2023-5344.patch: Add NULL at end of buffer in
      trunc_string.
    - CVE-2023-5344
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-5441.patch: skip gui_scroll when exmode_active
      in gui_do_scroll.
    - CVE-2023-5441
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-5535.patch: block autocommands in
      buf_contents_changed.
    - CVE-2023-5535

 -- Fabian Toepfer <email address hidden>  Mon, 16 Oct 2023 17:44:49 +0200
Built packages
- vim: Vi IMproved - enhanced vi editor
- vim-athena: Vi IMproved - enhanced vi editor (dummy package)
- vim-common: Vi IMproved - Common files
- vim-dbgsym: debug symbols for vim
- vim-doc: Vi IMproved - HTML documentation
- vim-gtk3: Vi IMproved - enhanced vi editor - with GTK3 GUI
- vim-gtk3-dbgsym: debug symbols for vim-gtk3
- vim-gui-common: Vi IMproved - Common GUI files
- vim-motif: Vi IMproved - enhanced vi editor - with Motif GUI
- vim-motif-dbgsym: debug symbols for vim-motif
- vim-nox: Vi IMproved - enhanced vi editor - with scripting languages support
- vim-nox-dbgsym: debug symbols for vim-nox
- vim-runtime: Vi IMproved - Runtime files
- vim-tiny: Vi IMproved - enhanced vi editor - compact version
- vim-tiny-dbgsym: debug symbols for vim-tiny
- xxd: tool to make (or reverse) a hex dump
- xxd-dbgsym: debug symbols for xxd