Your message dated Wed, 28 Dec 2022 17:39:58 +0000
with message-id <e1paapg-000unm...@fasolo.debian.org>
and subject line Bug#1027146: fixed in vim 2:9.0.1000-1
has caused the Debian Bug report #1027146,
regarding vim: CVE-2022-4141
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1027146: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027146
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: vim
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for vim.

CVE-2022-4141[0]:
| Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing
| an attacker to CTRL-W gf in the expression used in the RHS of the
| substitute command.

https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f
https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 (v9.0.0947)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-4141
    https://www.cve.org/CVERecord?id=CVE-2022-4141

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: vim
Source-Version: 2:9.0.1000-1
Done: James McCoy <james...@debian.org>

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1027...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James McCoy <james...@debian.org> (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 28 Dec 2022 11:51:10 -0500
Source: vim
Architecture: source
Version: 2:9.0.1000-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Vim Maintainers <team+...@tracker.debian.org>
Changed-By: James McCoy <james...@debian.org>
Closes: 1027146
Changes:
 vim (2:9.0.1000-1) unstable; urgency=medium
 .
   * Merge upstream patch v9.0.1000
     + Security fixes
       - 9.0.0882: using freed memory after SpellFileMissing autocmd uses
         bwipe, CVE-2022-4292
       - 9.0.0947: invalid memory access in substitute with function that goes
         to another file (Closes: #1027146, CVE-2022-4141)
   * Backport v9.0.1087 to fix test_autocmd flakiness
Checksums-Sha1:
 bcb4bef7232a59209a426e19607bec3d10a42ea1 3168 vim_9.0.1000-1.dsc
 a041828ee50468bb632f2eec2de4c0ef43339cf1 11016004 vim_9.0.1000.orig.tar.xz
 5d3cc09ee6ec15d920961e5b9a5f8b03cd97966c 171456 vim_9.0.1000-1.debian.tar.xz
Checksums-Sha256:
 cf7981cf974c59622f18a5f18e5cf851b503a245157d038300672383fab060c6 3168 vim_9.0.1000-1.dsc
 7cad71aa4285f827ea324dbb2453ed88ecb228fe10f258683f78560aa42f6743 11016004 vim_9.0.1000.orig.tar.xz
 c0eea5a7c83e99223f956053363b6a22569f66c23df00406202d6eaa2a527c66 171456 vim_9.0.1000-1.debian.tar.xz
Files:
 a78f72e752f8f46326cc5d50cac9f7e0 3168 editors optional vim_9.0.1000-1.dsc
 7e7a50315bb8e7b2bc7b83dd7304091c 11016004 editors optional vim_9.0.1000.orig.tar.xz
 770500c2f7273150f2debffe2c2f7c87 171456 editors optional vim_9.0.1000-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
