3e779a import vim-8.0.1763-19.el8_6.4

Authored and Committed by centosrcm 2 years ago
    import vim-8.0.1763-19.el8_6.4
    
        
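--- a/SOURCES/0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch
+++ b/SOURCES/0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch
@@ -0,0 +1,22 @@
+ diff -up vim80/src/regexp.c.cve1154 vim80/src/regexp.c
+ --- vim80/src/regexp.c.cve1154 2022-04-09 12:01:30.054452927 +0200
+ +++ vim80/src/regexp.c 2022-04-09 12:02:48.987999877 +0200
+ @@ -4415,8 +4415,17 @@ regmatch(
+ int mark = OPERAND(scan)[0];
+ int cmp = OPERAND(scan)[1];
+ pos_T *pos;
+ + size_t col = REG_MULTI ? reginput - regline : 0;
+
+ pos = getmark_buf(rex.reg_buf, mark, FALSE);
+ +
+ + // Line may have been freed, get it again.
+ + if (REG_MULTI)
+ + {
+ + regline = reg_getline(reglnum);
+ + reginput = regline + col;
+ + }
+ +
+ if (pos == NULL /* mark doesn't exist */
+ || pos->lnum <= 0 /* mark isn't set in reg_buf */
+ || (pos->lnum == reglnum + rex.reg_firstlnum
+ diff -up vim80/src/testdir/test_regexp_latin.vim.cve1154 vim80/src/testdir/test_regexp_latin.vim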
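Review bot: The patch file ends on a bare `diff -up` header for `test_regexp_latin.vim` with no `---`/`+++` lines or hunk after it, so the regexp.c fix ships without a regression test here; either carry the test hunk or drop the dangling header. In the regexp.c hunk, restoring `reginput` as `regline + col` appears to rely on the line text being the same after `getmark_buf()`, only its storage having moved. If that holds, the comment could say so, e.g. `// getmark_buf() may free the line; re-fetch it and restore the saved offset, the text itself is unchanged.` regmatch() starts and ends outside the hunk, so other pointers derived from the old `regline` cannot be checked from here.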
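--- a/SOURCES/0001-patch-8.2.4919-can-add-invalid-bytes-with-spellgood.patch
+++ b/SOURCES/0001-patch-8.2.4919-can-add-invalid-bytes-with-spellgood.patch
@@ -0,0 +1,57 @@
+ diff --git a/src/globals.h b/src/globals.h
+ index d5320d7..968ba33 100644
+ --- a/src/globals.h
+ +++ b/src/globals.h
+ @@ -1657,6 +1657,11 @@ EXTERN int *eval_lavars_used INIT(= NULL);
+ EXTERN int ctrl_break_was_pressed INIT(= FALSE);
+ #endif
+
+ +#ifdef FEAT_SPELL
+ +EXTERN char e_illegal_character_in_word[]
+ + INIT(= N_("E1280: Illegal character in word"));
+ +#endif
+ +
+ /*
+ * Optional Farsi support. Include it here, so EXTERN and INIT are defined.
+ */
+ diff --git a/src/mbyte.c b/src/mbyte.c
+ index 6d21f11..a7531f1 100644
+ --- a/src/mbyte.c
+ +++ b/src/mbyte.c
+ @@ -4034,7 +4034,7 @@ theend:
+ convert_setup(&vimconv, NULL, NULL);
+ }
+
+ -#if defined(FEAT_GUI_GTK) || defined(PROTO)
+ +#if defined(FEAT_GUI_GTK) || defined(FEAT_SPELL) || defined(PROTO)
+ /*
+ * Return TRUE if string "s" is a valid utf-8 string.
+ * When "end" is NULL stop at the first NUL.
+ diff --git a/src/spellfile.c b/src/spellfile.c
+ index 496e07f..92997ef 100644
+ --- a/src/spellfile.c
+ +++ b/src/spellfile.c
+ @@ -4441,6 +4441,10 @@ store_word(
+ int res = OK;
+ char_u *p;
+
+ + // Avoid adding illegal bytes to the word tree.
+ + if (enc_utf8 && !utf_valid_string(word, NULL))
+ + return FAIL;
+ +
+ (void)spell_casefold(word, len, foldword, MAXWLEN);
+ for (p = pfxlist; res == OK; ++p)
+ {
+ @@ -6251,6 +6255,12 @@ spell_add_word(
+ int i;
+ char_u *spf;
+
+ + if (enc_utf8 && !utf_valid_string(word, NULL))
+ + {
+ + EMSG(_(e_illegal_character_in_word));
+ + return;
+ + }
+ +
+ if (idx == 0) /* use internal wordlist */
+ {
+ if (int_wordlist == NULL)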
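Review bot: Both new guards call `utf_valid_string(word, NULL)`, which per the mbyte.c comment in this patch scans to the first NUL, while store_word() passes an explicit `len` to `spell_casefold()` on the very next statement. If `word` can extend past `len` (not visible in these hunks), the validated range and the stored range differ and a valid word can be rejected because of bytes that follow it; bounding the check, `if (enc_utf8 && !utf_valid_string(word, word + len))`, would keep the two identical. The same question applies to the guard in spell_add_word(). store_word() also returns FAIL without a message where spell_add_word() reports E1280, which deserves a one-line comment. Both function bodies continue outside the hunks.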
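--- a/SOURCES/0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch
+++ b/SOURCES/0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch
@@ -0,0 +1,15 @@
+ diff -up vim80/src/search.c.cve1629 vim80/src/search.c
+ --- vim80/src/search.c.cve1629 2022-05-24 13:55:06.789859865 +0200
+ +++ vim80/src/search.c 2022-05-24 13:56:31.889218958 +0200
+ @@ -4349,7 +4349,11 @@ find_next_quote(
+ if (c == NUL)
+ return -1;
+ else if (escape != NULL && vim_strchr(escape, c))
+ + {
+ ++col;
+ + if (line[col] == NUL)
+ + return -1;
+ + }
+ else if (c == quotechar)
+ break;
+ #ifdef FEAT_MBYTE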
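Review bot: The new NUL check in find_next_quote() carries no comment and the patch has no test hunk, so the reason for the early return is easy to lose in a later cleanup of this `else if` chain. A line such as `// An escape character at the end of the line has nothing after it: stop here instead of stepping past the NUL.` above `if (line[col] == NUL)` would record it. The `#ifdef FEAT_MBYTE` code that follows is cut off by the hunk, so how `col` is advanced after this branch cannot be checked from here.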
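--- a/SOURCES/0001-patch-8.2.4977-memory-access-error-when-substitute-e.patch
+++ b/SOURCES/0001-patch-8.2.4977-memory-access-error-when-substitute-e.patch
@@ -0,0 +1,57 @@
+ diff -up vim80/src/ex_cmds.c.cve1785 vim80/src/ex_cmds.c
+ --- vim80/src/ex_cmds.c.cve1785 2022-06-10 10:46:33.818286626 +0200
+ +++ vim80/src/ex_cmds.c 2022-06-10 10:58:04.009515524 +0200
+ @@ -5486,12 +5486,17 @@ do_sub(exarg_T *eap)
+ /* Save flags for recursion. They can change for e.g.
+ * :s/^/\=execute("s#^##gn") */
+ subflags_save = subflags;
+ +
+ + // Disallow changing text or switching window in an expression.
+ + ++textlock;
+ #endif
+ /* get length of substitution part */
+ sublen = vim_regsub_multi(&regmatch,
+ sub_firstlnum - regmatch.startpos[0].lnum,
+ sub, sub_firstline, FALSE, p_magic, TRUE);
+ #ifdef FEAT_EVAL
+ + --textlock;
+ +
+ /* Don't keep flags set by a recursive call. */
+ subflags = subflags_save;
+ if (subflags.do_count)
+ @@ -5570,9 +5575,15 @@ do_sub(exarg_T *eap)
+ mch_memmove(new_end, sub_firstline + copycol, (size_t)copy_len);
+ new_end += copy_len;
+
+ +#ifdef FEAT_EVAL
+ + ++textlock;
+ +#endif
+ (void)vim_regsub_multi(&regmatch,
+ sub_firstlnum - regmatch.startpos[0].lnum,
+ sub, new_end, TRUE, p_magic, TRUE);
+ +#ifdef FEAT_EVAL
+ + --textlock;
+ +#endif
+ sub_nsubs++;
+ did_sub = TRUE;
+
+ diff -up vim80/src/testdir/test_substitute.vim.cve1785 vim80/src/testdir/test_substitute.vim
+ --- vim80/src/testdir/test_substitute.vim.cve1785 2022-06-10 10:46:33.818286626 +0200
+ +++ vim80/src/testdir/test_substitute.vim 2022-06-10 10:59:17.168437630 +0200
+ @@ -500,3 +500,16 @@ func Test_sub_cmd_8()
+ enew!
+ set titlestring&
+ endfunc
+ +
+ +" This was switching windows in between computing the length and using it.
+ +func Test_sub_change_window()
+ + silent! lfile
+ + sil! norm o0000000000000000000000000000000000000000000000000000
+ + func Repl()
+ + lopen
+ + endfunc
+ + silent! s/\%')/\=Repl()
+ + bwipe!
+ + bwipe!
+ + delfunc Repl
+ +endfunc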
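Review bot: The second `++textlock`/`--textlock` pair, in the do_sub() hunk at line 5570, has no comment, unlike the first; repeating `// Disallow changing text or switching window in an expression.` there would show that the length pass and the copy pass of `vim_regsub_multi()` are protected by the same lock. The lock is balanced only by straight-line code, so an early exit added later between an increment and its decrement would leave text locked; a short note at the first pair saying so would help. `Test_sub_change_window` runs every step under `silent!` and asserts nothing, so it fails only when the old behaviour crashes or a memory checker is active; an assertion on the buffer text after the `:s` would make it a functional test. do_sub() extends beyond both hunks.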
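--- a/SOURCES/0001-patch-8.2.5023-substitute-overwrites-allocated-buffe.patch
+++ b/SOURCES/0001-patch-8.2.5023-substitute-overwrites-allocated-buffe.patch
@@ -0,0 +1,120 @@
+ diff -up vim80/src/normal.c.cve1897 vim80/src/normal.c
+ --- vim80/src/normal.c.cve1897 2022-06-13 14:50:22.800290132 +0200
+ +++ vim80/src/normal.c 2022-06-13 14:55:06.082861349 +0200
+ @@ -532,6 +532,22 @@ find_command(int cmdchar)
+ }
+
+ /*
+ + * If currently editing a cmdline or text is locked: beep and give an error
+ + * message, return TRUE.
+ + */
+ + static int
+ +check_text_locked(oparg_T *oap)
+ +{
+ + if (text_locked())
+ + {
+ + clearopbeep(oap);
+ + text_locked_msg();
+ + return TRUE;
+ + }
+ + return FALSE;
+ +}
+ +
+ +/*
+ * Execute a command in Normal mode.
+ */
+ void
+ @@ -792,14 +808,9 @@ getcount:
+ goto normal_end;
+ }
+
+ - if (text_locked() && (nv_cmds[idx].cmd_flags & NV_NCW))
+ - {
+ - /* This command is not allowed while editing a cmdline: beep. */
+ - clearopbeep(oap);
+ - text_locked_msg();
+ - goto normal_end;
+ - }
+ - if ((nv_cmds[idx].cmd_flags & NV_NCW) && curbuf_locked())
+ + if ((nv_cmds[idx].cmd_flags & NV_NCW)
+ + && (check_text_locked(oap) || curbuf_locked()))
+ + // this command is not allowed now
+ goto normal_end;
+
+ /*
+ @@ -6234,12 +6245,8 @@ nv_gotofile(cmdarg_T *cap)
+ char_u *ptr;
+ linenr_T lnum = -1;
+
+ - if (text_locked())
+ - {
+ - clearopbeep(cap->oap);
+ - text_locked_msg();
+ + if (check_text_locked(cap->oap))
+ return;
+ - }
+ if (curbuf_locked())
+ {
+ clearop(cap->oap);
+ @@ -8420,14 +8427,7 @@ nv_g_cmd(cmdarg_T *cap)
+
+ /* "gQ": improved Ex mode */
+ case 'Q':
+ - if (text_locked())
+ - {
+ - clearopbeep(cap->oap);
+ - text_locked_msg();
+ - break;
+ - }
+ -
+ - if (!checkclearopq(oap))
+ + if (!check_text_locked(cap->oap) && !checkclearopq(oap))
+ do_exmode(TRUE);
+ break;
+
+ diff -up vim80/src/testdir/test_substitute.vim.cve1897 vim80/src/testdir/test_substitute.vim
+ --- vim80/src/testdir/test_substitute.vim.cve1897 2022-06-13 14:50:22.849290402 +0200
+ +++ vim80/src/testdir/test_substitute.vim 2022-06-13 14:55:50.370111134 +0200
+ @@ -513,3 +513,26 @@ func Test_sub_change_window()
+ bwipe!
+ delfunc Repl
+ endfunc
+ +
+ +" This was undoign a change in between computing the length and using it.
+ +func Do_Test_sub_undo_change()
+ + new
+ + norm o0000000000000000000000000000000000000000000000000000
+ + silent! s/\%')/\=Repl()
+ + bwipe!
+ +endfunc
+ +
+ +func Test_sub_undo_change()
+ + func Repl()
+ + silent! norm g-
+ + endfunc
+ + call Do_Test_sub_undo_change()
+ +
+ + func! Repl()
+ + silent earlier
+ + endfunc
+ + call Do_Test_sub_undo_change()
+ +
+ + delfunc Repl
+ +endfunc
+ +
+ diff -up vim80/src/undo.c.cve1897 vim80/src/undo.c
+ --- vim80/src/undo.c.cve1897 2022-06-13 14:50:22.849290402 +0200
+ +++ vim80/src/undo.c 2022-06-13 14:56:57.916492090 +0200
+ @@ -2283,6 +2283,12 @@ undo_time(
+ if (curbuf->b_u_synced == FALSE)
+ u_sync(TRUE);
+
+ + if (text_locked())
+ + {
+ + text_locked_msg();
+ + return;
+ + }
+ +
+ u_newcount = 0;
+ u_oldcount = 0;
+ if (curbuf->b_ml.ml_flags & ML_EMPTY)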
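Review bot: In the undo.c hunk the new `text_locked()` guard sits after `if (curbuf->b_u_synced == FALSE) u_sync(TRUE);`, so undo_time() still calls u_sync() before refusing to run while text is locked. Unless that sync is wanted in the locked case, the guard `if (text_locked()) { text_locked_msg(); return; }` belongs above the `b_u_synced` test, so that a rejected call returns without touching undo bookkeeping. In normal.c the new helper is introduced as ` static int` with a stray leading space, and the test comment reads "undoign" for "undoing". undo_time() and the three normal.c functions continue outside their hunks.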
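--- a/SOURCES/0001-patch-8.2.5037-cursor-position-may-be-invalid-after-.patch
+++ b/SOURCES/0001-patch-8.2.5037-cursor-position-may-be-invalid-after-.patch
@@ -0,0 +1,85 @@
+ diff -up vim80/src/ex_docmd.c.cve1927 vim80/src/ex_docmd.c
+ --- vim80/src/ex_docmd.c.cve1927 2022-06-13 16:31:41.841068554 +0200
+ +++ vim80/src/ex_docmd.c 2022-06-13 16:37:02.789876973 +0200
+ @@ -1720,6 +1720,8 @@ do_one_cmd(
+ int ni; /* set when Not Implemented */
+ char_u *cmd;
+ int address_count = 1;
+ + int need_check_cursor = FALSE;
+ + int ret_addr = FAIL;
+
+ vim_memset(&ea, 0, sizeof(ea));
+ ea.line1 = 1;
+ @@ -2084,7 +2086,7 @@ do_one_cmd(
+ lnum = get_address(&ea, &ea.cmd, ea.addr_type, ea.skip,
+ ea.addr_count == 0, address_count++);
+ if (ea.cmd == NULL) /* error detected */
+ - goto doend;
+ + goto addr_end;
+ if (lnum == MAXLNUM)
+ {
+ if (*ea.cmd == '%') /* '%' - all lines */
+ @@ -2128,12 +2130,12 @@ do_one_cmd(
+ /* there is no Vim command which uses '%' and
+ * ADDR_WINDOWS or ADDR_TABS */
+ errormsg = (char_u *)_(e_invrange);
+ - goto doend;
+ + goto addr_end;
+ }
+ break;
+ case ADDR_TABS_RELATIVE:
+ errormsg = (char_u *)_(e_invrange);
+ - goto doend;
+ + goto addr_end;
+ break;
+ case ADDR_ARGUMENTS:
+ if (ARGCOUNT == 0)
+ @@ -2163,7 +2165,7 @@ do_one_cmd(
+ if (ea.addr_type != ADDR_LINES)
+ {
+ errormsg = (char_u *)_(e_invrange);
+ - goto doend;
+ + goto addr_end;
+ }
+
+ ++ea.cmd;
+ @@ -2171,11 +2173,11 @@ do_one_cmd(
+ {
+ fp = getmark('<', FALSE);
+ if (check_mark(fp) == FAIL)
+ - goto doend;
+ + goto addr_end;
+ ea.line1 = fp->lnum;
+ fp = getmark('>', FALSE);
+ if (check_mark(fp) == FAIL)
+ - goto doend;
+ + goto addr_end;
+ ea.line2 = fp->lnum;
+ ++ea.addr_count;
+ }
+ @@ -2190,8 +2192,11 @@ do_one_cmd(
+ if (!ea.skip)
+ {
+ curwin->w_cursor.lnum = ea.line2;
+ +
+ /* don't leave the cursor on an illegal line or column */
+ + // Check the cursor position before returning.
+ check_cursor();
+ + need_check_cursor = TRUE;
+ }
+ }
+ else if (*ea.cmd != ',')
+ @@ -2208,6 +2213,13 @@ do_one_cmd(
+ ea.addr_count = 0;
+ }
+
+ + ret_addr = OK;
+ +
+ +addr_end:
+ + if (need_check_cursor)
+ + check_cursor();
+ + if (ret_addr == FAIL)
+ + goto doend;
+ /*
+ * 5. Parse the command.
+ */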
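Review bot: The new `addr_end:` block does not say why `check_cursor()` is called a second time, and the comment added beside the first call, `// Check the cursor position before returning.`, describes `need_check_cursor = TRUE;` two lines below it rather than the call it sits on. Suggest moving that comment onto the flag assignment and adding at the label something like `// A later address may have moved the cursor or changed the buffer after the first check: validate again before parsing the command or bailing out.` (the cause is inferred from the patch title, so confirm before committing the wording). Every error exit in the address loop now depends on `ret_addr` still being FAIL at the label, which a one-line comment at its declaration would make explicit. The patch has no test hunk, and do_one_cmd() starts and ends outside these hunks.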
file modified
+47 -33
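--- a/SPECS/vim.spec
+++ b/SPECS/vim.spec
@@ -24,7 +24,7 @@ Summary: The VIM editor
 URL: http://www.vim.org/
 Name: vim
 Version: %{baseversion}.%{patchlevel}
- Release: 16%{?dist}.12
+ Release: 19%{?dist}.4
 License: Vim and MIT
 Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
 Source1: vim.sh
@@ -75,9 +75,9 @@ Patch3019: 0001-patch-8.1.1365-source-command-doesn-t-check-for-the-.patch
 Patch3020: vim-crypto-warning.patch
 # 1842755 - CVE-2019-20807
 Patch3021: 0001-patch-8.1.0881-can-execute-shell-commands-in-rvim-th.patch
- # 2004974 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.5.0]
+ # 2004975 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.6.0]
 Patch3022: vim-cve3796.patch
- # 2004891 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.5.0]
+ # 2004892 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.6.0]
 Patch3023: vim-cve3778-fix.patch
 Patch3024: 0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch
 # 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0]
@@ -100,6 +100,18 @@ Patch3032: 0001-patch-8.2.4218-illegal-memory-access-with-bracketed-.patch
 Patch3033: 0001-patch-8.2.4253-using-freed-memory-when-substitute-wi.patch
 # CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
 Patch3034: 0001-patch-8.2.4215-illegal-memory-access-when-copying-li.patch
+ # CVE-2022-1154 vim: use after free in utf_ptr2char
+ Patch3035: 0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch
+ # CVE-2022-1621 vim: heap buffer overflow
+ Patch3036: 0001-patch-8.2.4919-can-add-invalid-bytes-with-spellgood.patch
+ # CVE-2022-1629 vim: buffer over-read
+ Patch3037: 0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch
+ # CVE-2022-1785 vim: Out-of-bounds Write
+ Patch3038: 0001-patch-8.2.4977-memory-access-error-when-substitute-e.patch
+ # CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c
+ Patch3039: 0001-patch-8.2.5023-substitute-overwrites-allocated-buffe.patch
+ # CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c
+ Patch3040: 0001-patch-8.2.5037-cursor-position-may-be-invalid-after-.patch
 
 # gcc is no longer in buildroot by default
 BuildRequires: gcc
@@ -311,6 +323,12 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
 %patch3032 -p1 -b .cve0392
 %patch3033 -p1 -b .cve0413
 %patch3034 -p1 -b .cve0361
+ %patch3035 -p1 -b .cve1154
+ %patch3036 -p1 -b .cve1621
+ %patch3037 -p1 -b .cve1629
+ %patch3038 -p1 -b .cve1785
+ %patch3039 -p1 -b .cve1897
+ %patch3040 -p1 -b .cve1927
 
 %build
 %if 0%{?rhel} > 7
@@ -829,54 +847,50 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
 %{_datadir}/icons/locolor/*/apps/*
 
 %changelog
- * Tue Feb 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.12
- - CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
+ * Tue Jun 14 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19.4
+ - fix issue reported by covscan
 
- * Fri Feb 04 2022 Tomas Korbar <tkorbar@redhat.com> - 2:8.0.1763-16.11
- - CVE-2022-0413 vim: use after free in src/ex_cmds.c
- - Fix specfile problems
- - Resolves: rhbz#2048525
+ * Mon Jun 13 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19.3
+ - CVE-2022-1785 vim: Out-of-bounds Write
+ - CVE-2022-1897 vim: out-of-bounds write in vim_regsub_both() in regexp.c
+ - CVE-2022-1927 vim: buffer over-read in utf_ptr2char() in mbyte.c
 
- * Thu Feb 03 2022 Tomas Korbar <tkorbar@redhat.com> - 2:8.0.1763-16.10
- - CVE-2022-0413 vim: use after free in src/ex_cmds.c
- - Resolves: rhbz#2048525
+ * Wed May 25 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19.2
+ - CVE-2022-1621 vim: heap buffer overflow
+ - CVE-2022-1629 vim: buffer over-read
 
- * Wed Feb 02 2022 Tomas Korbar <tkorbar@redhat.com> - 2:8.0.1763-16.9
- - CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c
+ * Sat Apr 09 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19.1
+ - CVE-2022-1154 vim: use after free in utf_ptr2char
- - Improve fix
- - Resolves: rhbz#2049403
 
- * Wed Feb 02 2022 Tomas Korbar <tkorbar@redhat.com> - 2:8.0.1763-16.8
- - CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c
+ * Tue Feb 08 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-19
+ - CVE-2022-0361 vim: Heap-based Buffer Overflow in GitHub repository
- - Resolves: rhbz#2049403
 
- * Thu Jan 27 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.7
- - CVE-2022-0359 vim: heap-based buffer overflow in init_ccline() in ex_getln.c
+ * Mon Feb 07 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
+ - CVE-2022-0392 vim: heap-based buffer overflow in getexmodeline() in ex_getln.c
+ - CVE-2022-0413 vim: use after free in src/ex_cmds.c
 
- * Thu Jan 27 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.6
+ * Thu Jan 27 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
 - fix test suite after fix for CVE-2022-0318
+ - CVE-2022-0359 vim: heap-based buffer overflow in init_ccline() in ex_getln.c
 
- * Wed Jan 26 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.5
+ * Wed Jan 12 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
 - CVE-2022-0261 vim: Heap-based Buffer Overflow in block_insert() in src/ops.c
 - CVE-2022-0318 vim: heap-based buffer overflow in utf_head_off() in mbyte.c
 
- * Wed Jan 12 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.4
+ * Wed Jan 12 2022 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
 - CVE-2021-4193 vim: vulnerable to Out-of-bounds Read
 - CVE-2021-4192 vim: vulnerable to Use After Free
 
- * Fri Dec 03 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.3
+ * Fri Dec 03 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-18
 - 2028341 - CVE-2021-3984 vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow [rhel-8.6.0]
 - 2028430 - CVE-2021-4019 vim: heap-based buffer overflow in find_help_tags() in src/help.c [rhel-8.6.0]
 
- * Tue Oct 26 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.2
- - remove the upstream test - uses a feature which is not presented in RHEL 8
+ * Tue Oct 26 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-17
+ - 2016201 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-8.6.0]
-
- * Tue Oct 26 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16.1
- - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c [rhel-8.6.0]
 
- * Mon Sep 20 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16
- - 2004974 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.5.0]
- - 2004891 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.5.0]
+ * Thu Sep 23 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-16
+ - 2004975 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c [rhel-8.6.0]
+ - 2004892 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c [rhel-8.6.0]
 
 * Tue Jun 02 2020 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.0.1763-15
 - 1842755 - CVE-2019-20807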