| Message ID | 20220518212740.464658-1-fontaine.fabrice@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/1] package/vim: security bump to version 8.2.4980 | expand |
On Wed, 18 May 2022 23:27:40 +0200 Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote: > Fix CVE-2022-1619: Heap-based Buffer Overflow in function > cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This > vulnerabilities are capable of crashing software, modify memory, and > possible remote execution > > Fix CVE-2022-1620: NULL Pointer Dereference in function > vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior > to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at > regexp.c:2729 allows attackers to cause a denial of service (application > crash) via a crafted input. > > Fix CVE-2022-1621: Heap buffer overflow in vim_strncpy find_word in > GitHub repository vim/vim prior to 8.2.4919. This vulnerability is > capable of crashing software, Bypass Protection Mechanism, Modify > Memory, and possible remote execution > > Fix CVE-2022-1629: Buffer Over-read in function find_next_quote in > GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are > capable of crashing software, Modify Memory, and possible remote > execution > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> > --- > package/vim/vim.hash | 2 +- > package/vim/vim.mk | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) Applied to master, thanks. Thomas
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Fix CVE-2022-1619: Heap-based Buffer Overflow in function > cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This > vulnerabilities are capable of crashing software, modify memory, and > possible remote execution > Fix CVE-2022-1620: NULL Pointer Dereference in function > vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior > to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at > regexp.c:2729 allows attackers to cause a denial of service (application > crash) via a crafted input. > Fix CVE-2022-1621: Heap buffer overflow in vim_strncpy find_word in > GitHub repository vim/vim prior to 8.2.4919. This vulnerability is > capable of crashing software, Bypass Protection Mechanism, Modify > Memory, and possible remote execution > Fix CVE-2022-1629: Buffer Over-read in function find_next_quote in > GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are > capable of crashing software, Modify Memory, and possible remote > execution > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed to 2022.02.x, thanks.
diff --git a/package/vim/vim.hash b/package/vim/vim.hash index 1cd0de9991..9d61d6fc87 100644 --- a/package/vim/vim.hash +++ b/package/vim/vim.hash @@ -1,4 +1,4 @@ # Locally computed -sha256 f2755fca3b2f47052166dd601a38411b9adbeca0d43885194db8ada4d1a171a3 vim-8.2.4843.tar.gz +sha256 5606a3c62dba038f4c4f2eddb305ffccbae58a7bfd569bdb8100f524564c8a32 vim-8.2.4980.tar.gz sha256 0bcab3b635dd39208c42b496568d1e8171dad247cf3da5bab3d750c9d5883499 LICENSE sha256 96970b67f9cb38b0e759946cff22562a3c4b11ce78f62f2117d5e7ecded9ab4d README.txt diff --git a/package/vim/vim.mk b/package/vim/vim.mk index be96a08d09..9e70360b90 100644 --- a/package/vim/vim.mk +++ b/package/vim/vim.mk @@ -4,7 +4,7 @@ # ################################################################################ -VIM_VERSION = 8.2.4843 +VIM_VERSION = 8.2.4980 VIM_SITE = $(call github,vim,vim,v$(VIM_VERSION)) VIM_DEPENDENCIES = ncurses $(TARGET_NLS_DEPENDENCIES) VIM_SUBDIR = src
Fix CVE-2022-1619: Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution Fix CVE-2022-1620: NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. Fix CVE-2022-1621: Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution Fix CVE-2022-1629: Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/vim/vim.hash | 2 +- package/vim/vim.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)