Your message dated Wed, 03 Aug 2022 23:35:06 +0000
with message-id <[email protected]>
and subject line Bug#1016068: fixed in vim 2:9.0.0135-1
has caused the Debian Bug report #1016068,
regarding vim: CVE-2022-2522
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1016068: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016068
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: vim
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for vim.

CVE-2022-2522[0]:
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to
| 9.0.0060.

https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22
https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2522
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2522

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: vim
Source-Version: 2:9.0.0135-1
Done: James McCoy <[email protected]>

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James McCoy <[email protected]> (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 03 Aug 2022 19:00:35 -0400
Source: vim
Architecture: source
Version: 2:9.0.0135-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Vim Maintainers <[email protected]>
Changed-By: James McCoy <[email protected]>
Closes: 136455 761800 954016 954113 1010839 1015984 1016068
Changes:
 vim (2:9.0.0135-1) unstable; urgency=medium
 .
   * Merge upstream patch v8.2.5172
     + ftplugin/perl.vim: Only add : to 'isfname' in Perl buffers.  (Closes:
       #761800)
     + ftplugin/tap.vim: Set fold-related options local to the buffer. (Closes:
       #954113)
     + syntax/debcontrol.vim: Fix highlighting of sections with a slash (e.g.,
       "non-free/utils").  (Closes: #1010839)
     + syntax/tap.vim: Match TODO/SKIP markers case-insensitively. (Closes:
       #954016)
     + syntax/perl.vim: Properly highlight code on the same line as the start
       of a here-doc block.  (Closes: #136455)
     + Various CVE fixes (Closes: #1015984, #1016068)
       - 8.2.5043: can open a cmdline window from a substitute expression,
         CVE-2022-1942
       - 8.2.5050: using freed memory when searching for pattern in path,
         CVE-2022-1968
       - 8.2.5063: error for a command may go over the end of IObuff,
         CVE-2022-2000
       - 8.2.5120: searching for quotes may go over the end of the line,
         CVE-2022-2124
       - 8.2.5122: lisp indenting may run over the end of the line,
         CVE-2022-2125
       - 8.2.5123: using invalid index when looking for spell suggestions,
         CVE-2022-2126
       - 8.2.5126: substitute may overrun destination buffer, CVE-2022-2129
       - 9.0.0018: going over the end of the typeahead, CVE-2022-2285
       - 9.0.0025: accessing beyond allocated memory with the cmdline window,
         CVE-2022-2288
       - 9.0.0035: spell dump may go beyond end of an array, CVE-2022-2304
       - 8.2.5162: reading before the start of the line with BS in Replace
         mode, CVE-2022-2207
       - 8.2.4895: buffer overflow with invalid command with composing chars,
         CVE-2022-1616
       - 8.2.4899: with latin1 encoding CTRL-W might go before the cmdline,
         CVE-2022-1619
       - 8.2.4919: can add invalid bytes with :spellgood, CVE-2022-1621
       - 8.2.4956: reading past end of line with "gf" in Visual block mode,
         CVE-2022-1720
       - 8.2.4977: memory access error when substitute expression changes
         window, CVE-2022-1785
       - 8.2.5013: after text formatting cursor may be in an invalid position,
         CVE-2022-1851
       - 8.2.5023: substitute overwrites allocated buffer, CVE-2022-1897
       - 8.2.5024: using freed memory with "]d", CVE-2022-1898
       - 9.0.0060: accessing uninitialized memory when completing long line,
         CVE-2022-2522
   * Temporarily skip Test_Debugger_breakadd_expr

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
