Your message dated Fri, 30 Sep 2022 05:05:25 +0000
with message-id <e1oe8df-001s9q...@fasolo.debian.org>
and subject line Bug#1019590: fixed in vim 2:9.0.0626-1
has caused the Debian Bug report #1019590,
regarding vim: CVE-2022-2946 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 
CVE-2022-3134
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1019590: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019590
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: vim
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for vim.

CVE-2022-2946[0]:
| Use After Free in GitHub repository vim/vim prior to 9.0.0246.

https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5
https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c 
(v9.0.0246)

CVE-2022-2982[1]:
| Use After Free in GitHub repository vim/vim prior to 9.0.0260.

https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be
https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420 
(v9.0.0260)

CVE-2022-3037[2]:
| Use After Free in GitHub repository vim/vim prior to 9.0.0322.

https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5
https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb 
(v9.0.0322)

CVE-2022-3099[3]:
| Use After Free in GitHub repository vim/vim prior to 9.0.0360.

https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e
https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c 
(v9.0.0360)

CVE-2022-3134[4]:
| Use After Free in GitHub repository vim/vim prior to 9.0.0389.

https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc
https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e 
(v9.0.0389)


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2946
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2946
[1] https://security-tracker.debian.org/tracker/CVE-2022-2982
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2982
[2] https://security-tracker.debian.org/tracker/CVE-2022-3037
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3037
[3] https://security-tracker.debian.org/tracker/CVE-2022-3099
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3099
[4] https://security-tracker.debian.org/tracker/CVE-2022-3134
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3134

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: vim
Source-Version: 2:9.0.0626-1
Done: James McCoy <james...@debian.org>

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1019...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James McCoy <james...@debian.org> (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 30 Sep 2022 00:38:50 -0400
Source: vim
Architecture: source
Version: 2:9.0.0626-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Vim Maintainers <team+...@tracker.debian.org>
Changed-By: James McCoy <james...@debian.org>
Closes: 796872 1019590
Changes:
 vim (2:9.0.0626-1) unstable; urgency=medium
 .
   * Merge upstream patch v9.0.0626
     + Various CVE fixes (Closes: #1019590)
       - 9.0.0246: using freed memory when 'tagfunc' deletes the buffer,
         CVE-2022-2946
       - 9.0.0260: using freed memory when using 'quickfixtextfunc'
         recursively, CVE-2022-2982
       - 9.0.0322: crash when no errors and 'quickfixtextfunc' is set,
         CVE-2022-3037
       - 9.0.0360: crash when invalid line number on :for is ignored,
         CVE-2022-3099
       - 9.0.0389: crash when 'tagfunc' closes the window, CVE-2022-3134
       - 9.0.0483: illegal memory access when replacing in virtualedit mode,
         CVE-2022-3234
       - 9.0.0490: using freed memory with cmdwin and BufEnter autocmd,
         CVE-2022-3235
       - 9.0.0530: using freed memory when autocmd changes mark, CVE-2022-3256
       - 9.0.0577: buffer underflow with unexpected :finally, CVE-2022-3296
       - 9.0.0598: using negative array index with negative width window,
         CVE-2022-3324
       - 9.0.0614: CVE-2022-3352
     + 9.0.0509: confusing error for "saveas" command with "nofile" buffer
       (Closes: #796872)


--- End Message ---
