[Bug 2013211] Re: Forward-port security fixes to Lunar
Launchpad Bug Tracker
2013211 at bugs.launchpad.net
Sat Apr 1 07:18:54 UTC 2023
This bug was fixed in the package vim - 2:9.0.1000-4ubuntu3
---------------
vim (2:9.0.1000-4ubuntu3) lunar; urgency=medium

  * Security upload for the devel series (LP: #2013211)
  * SECURITY UPDATE: reading past the end of a line when formatting text
    - debian/patches/CVE-2023-0433.patch: check for not going over the end of
      the line.
    - CVE-2023-0433
  * SECURITY UPDATE: divide by zero issue
    - debian/patches/CVE-2023-0512.patch: divide by zero with 'smoothscroll'
      set and a narrow window
    - debian/patches/CVE-2023-1127.patch: divide by zero in zero-width window
    - CVE-2023-0512
    - CVE-2023-1127
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2023-1170.patch: accessing invalid memory with put
      in Visual block mode
    - CVE-2023-1170
  * SECURITY UPDATE: incorrect calculation of buffer size
    - debian/patches/CVE-2023-1175.patch: illegal memory access when using
      virtual editing
    - CVE-2023-1175
  * SECURITY UPDATE: NULL pointer dereference vulnerability
    - debian/patches/CVE-2023-1264.patch: using NULL pointer with nested
      :open command
    - CVE-2023-1264

 -- Nishit Majithia <nishit.majithia at canonical.com>  Wed, 29 Mar 2023 18:19:19 +0530
** Changed in: vim (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0433
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0512
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1127
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1170
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1175
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1264
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to vim in Ubuntu.
https://bugs.launchpad.net/bugs/2013211
Title:
Forward-port security fixes to Lunar
Status in vim package in Ubuntu:
Fix Released
Bug description:
There's been a bunch of security patches to the Kinetic version of
vim, those need to be applied to Lunar as well:
* CVE-2033-0433
* CVE-2023-1170
* CVE-2023-1175
* CVE-2023-1264
In addition, the following only affect the version in Lunar:
* CVE-2023-0512
* CVE-2023-1127
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/2013211/+subscriptions