vim 2:8.2.3995-1ubuntu2.15 source package in Ubuntu
Changelog
vim (2:8.2.3995-1ubuntu2.15) jammy-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2022-1725.patch: Check for regexp program becoming
      NULL in more places.
    - CVE-2022-1725
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2022-1771.patch: Limit recursion of getcmdline().
    - CVE-2022-1771
  * SECURITY UPDATE: heap based buffer overflow vulnerability
    - debian/patches/CVE-2022-1886.patch: Check the length is more than zero.
    - CVE-2022-1886
  * SECURITY UPDATE: out of bounds write vulnerability
    - debian/patches/CVE-2022-1897.patch: Disallow undo when in a substitute
      command.
    - CVE-2022-1897
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2022-2000.patch: addresses the potential for an
      overflow by adding a bounds check and truncating the message if needed.
    - CVE-2022-2000
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2022-2042.patch: Initialize "attr". Check for empty
      line early.
    - CVE-2022-2042
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-46246.patch: Check that the return value from
      the vim_str2nr() function is not larger than INT_MAX and if yes, bail
      out with an error.
    - CVE-2023-46246
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-48231.patch: If the current window structure is
      no longer valid, fail and return before attempting to set
      win->w_closing variable.
    - CVE-2023-48231
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48233.patch: If the count after the :s command
      is larger than what fits into a (signed) long variable, abort with
      e_value_too_large.
    - CVE-2023-48233
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48234.patch: When getting the count for a normal
      z command, it may overflow for large counts given. So verify, that we
      can safely store the result in a long.
    - CVE-2023-48234
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48235.patch: When parsing relative ex addresses
      one may unintentionally cause an overflow (because LONG_MAX - lnum will
      overflow for negative addresses).
    - CVE-2023-48235
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48236.patch: When using the z= command, we may
      overflow the count with values larger than MAX_INT. So verify that we do
      not overflow and in case when an overflow is detected, simply return 0.
    - CVE-2023-48236
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-48237.patch: When shifting lines in operator
      pending mode and using a very large value, we may overflow the size of
      integer. Fix this by using a long variable, testing if the result would
      be larger than INT_MAX and if so, indent by INT_MAX value.
    - CVE-2023-48237
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/CVE-2023-48706.patch: ensure that the sub var always
      using allocated memory.
    - CVE-2023-48706

 -- Fabian Toepfer <email address hidden>  Tue, 05 Dec 2023 18:58:57 +0100
Upload details
- Uploaded by: Fabian Toepfer
- Uploaded to: Jammy
- Original maintainer: Ubuntu Developers
- Architectures: any all
- Section: editors
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
vim_8.2.3995.orig.tar.xz | 9.9 MiB | a9d4993d94a212c1e284fe19d7127508dc9c911cddaf91f2a6f72d0b9b71b8ce |
vim_8.2.3995-1ubuntu2.15.debian.tar.xz | 291.8 KiB | 460b3334f7b05f34d53a3c3b3dcf7725de44ed7eb42095a707158baebc8ff115 |
vim_8.2.3995-1ubuntu2.15.dsc | 3.0 KiB | 87e2d240f3331e8b425591c1a726c4b623794adb0992353d519bff152f7f0610 |
Binary packages built by this source
- vim: Vi IMproved - enhanced vi editor
Vim is an almost compatible version of the UNIX editor Vi.
.
Many new features have been added: multi level undo, syntax
highlighting, command line history, on-line help, filename
completion, block operations, folding, Unicode support, etc.
.
This package contains a version of vim compiled with a rather
standard set of features. This package does not provide a GUI
version of Vim. See the other vim-* packages if you need more
(or less).
- vim-athena: Vi IMproved - enhanced vi editor - with Athena GUI
Vim is an almost compatible version of the UNIX editor Vi.
.
Many new features have been added: multi level undo, syntax
highlighting, command line history, on-line help, filename
completion, block operations, folding, Unicode support, etc.
.
This package contains a version of vim compiled with an Athena GUI
and support for scripting with Lua, Perl, Python 3, and Tcl.
- vim-athena-dbgsym: debug symbols for vim-athena
- vim-common: Vi IMproved - Common files
Vim is an almost compatible version of the UNIX editor Vi.
.
This package contains files shared by all non GUI-enabled vim variants
available in Debian. Examples of such shared files are: manpages and
configuration files.
- vim-dbgsym: debug symbols for vim
- vim-doc: Vi IMproved - HTML documentation
Vim is an almost compatible version of the UNIX editor Vi.
.
This package contains the HTML version of the online documentation. It is
built from the runtime/doc directory of the source tree.
- vim-gtk: Vi IMproved - enhanced vi editor (dummy package)
This is a transitional package to install the vim-gtk3 package. You may
remove this package if nothing depends on it.
- vim-gtk3: Vi IMproved - enhanced vi editor - with GTK3 GUI
Vim is an almost compatible version of the UNIX editor Vi.
.
Many new features have been added: multi level undo, syntax
highlighting, command line history, on-line help, filename
completion, block operations, folding, Unicode support, etc.
.
This package contains a version of vim compiled with a GTK3 GUI
and support for scripting with Lua, Perl, Python 3, Ruby, and Tcl.
- vim-gtk3-dbgsym: debug symbols for vim-gtk3
- vim-gui-common: Vi IMproved - Common GUI files
Vim is an almost compatible version of the UNIX editor Vi.
.
This package contains files shared by all GUI-enabled vim
variants available in Debian. Examples of such shared files are:
gvimtutor, icons, and desktop environments settings.
- vim-nox: Vi IMproved - enhanced vi editor - with scripting languages support
Vim is an almost compatible version of the UNIX editor Vi.
.
Many new features have been added: multi level undo, syntax
highlighting, command line history, on-line help, filename
completion, block operations, folding, Unicode support, etc.
.
This package contains a version of vim compiled with support for
scripting with Lua, Perl, Python 3, Ruby, and Tcl but no GUI.
- vim-nox-dbgsym: debug symbols for vim-nox
- vim-runtime: Vi IMproved - Runtime files
Vim is an almost compatible version of the UNIX editor Vi.
.
This package contains vimtutor and the architecture independent runtime
files, used, if available, by all vim variants available in Debian.
Examples of such runtime files are: online documentation, rules for
language-specific syntax highlighting and indentation, color schemes,
and standard plugins.
- vim-tiny: Vi IMproved - enhanced vi editor - compact version
Vim is an almost compatible version of the UNIX editor Vi.
.
This package contains a minimal version of Vim compiled with no GUI and
a small subset of features. This package's sole purpose is to provide
the vi binary for base installations.
.
If a vim binary is wanted, try one of the following more featureful
packages: vim, vim-nox, vim-athena, or vim-gtk3.
- vim-tiny-dbgsym: debug symbols for vim-tiny
- xxd: tool to make (or reverse) a hex dump
xxd creates a hex dump of a given file or standard input. It can also convert
a hex dump back to its original binary form.
- xxd-dbgsym: debug symbols for xxd