Your message dated Wed, 24 Sep 2025 04:27:21 +0000
with message-id <[email protected]>
and subject line Bug#1110898: fixed in vim 2:9.1.1766-1
has caused the Debian Bug report #1110898,
regarding vim: CVE-2025-55157 CVE-2025-55158
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1110898: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110898
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: vim
Version: 2:9.1.1385-1
Severity: grave
Tags: security upstream experimental
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerabilities were published for vim.
CVE-2025-55157[0]:
| Vim is an open source, command line text editor. In versions from
| 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim
| script, an error during evaluation can trigger a use-after-free in
| Vim’s internal tuple reference management. Specifically, the
| tuple_unref() function may access already freed memory due to
| improper lifetime handling, leading to memory corruption. The
| exploit requires direct user interaction, as the script must be
| explicitly executed within Vim. This issue has been patched in
| version 9.1.1400.
CVE-2025-55158[1]:
| Vim is an open source, command line text editor. In versions from
| 9.1.1231 to before 9.1.1406, when processing nested tuples during
| Vim9 script import operations, an error during evaluation can
| trigger a double-free in Vim’s internal typed value (typval_T)
| management. Specifically, the clear_tv() function may attempt to
| free memory that has already been deallocated, due to improper
| lifetime handling in the handle_import / ex_import code paths. The
| vulnerability can only be triggered if a user explicitly opens and
| executes a specially crafted Vim script. This issue has been patched
| in version 9.1.1406.
Those affect only the current version in experiemntal, so RC severity
to make sure they are addressed with or along with the move of vim to
unstable.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-55157
https://www.cve.org/CVERecord?id=CVE-2025-55157
[1] https://security-tracker.debian.org/tracker/CVE-2025-55158
https://www.cve.org/CVERecord?id=CVE-2025-55158
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: vim
Source-Version: 2:9.1.1766-1
Done: James McCoy <[email protected]>
We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James McCoy <[email protected]> (supplier of updated vim package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 23 Sep 2025 21:13:05 -0400
Source: vim
Architecture: source
Version: 2:9.1.1766-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Vim Maintainers <[email protected]>
Changed-By: James McCoy <[email protected]>
Closes: 1109374 1110898 1115819
Changes:
vim (2:9.1.1766-1) experimental; urgency=medium
.
* Merge upstream tag v9.1.1766 (Closes: #1115819)
+ Security fixes:
- 9.1.1400: use-after-free when evaluating tuple fails, (Closes:
#1110898, CVE-2025-55157)
- 9.1.1406: crash when importing invalid tuple, CVE-2025-55158
- 9.1.1551: path traversal issue in zip.vim if files have leading '../',
(Closes: #1109374, CVE-2025-53906)
- 9.1.1552: path traversal issue in tar.vim if files have leading '/',
CVE-2025-53905
- 9.1.1616: xxd: possible buffer overflow with bitwise output,
CVE-2025-9390
* Enable socketserver for vim-nox, vim-basic, and vim-gtk3
* Enable wayland support only for GUI builds
* Drop obsolete transitional package, vim-athena
Checksums-Sha1:
6f9b5c88f996ed221066db8a44d8d2ed6319bb7d 3186 vim_9.1.1766-1.dsc
5cf432528052b5e314e435b383899d4e29f4a718 12504408 vim_9.1.1766.orig.tar.xz
ec77f08ecf7416fbc2c5c1071ee7f291fbb28165 192116 vim_9.1.1766-1.debian.tar.xz
4ed93916ebab9f246960771122a5215df7df552b 34371828 vim_9.1.1766-1.git.tar.xz
b7b58ccfdc1c5c5172678838f703a6d792db1b17 18216 vim_9.1.1766-1_source.buildinfo
Checksums-Sha256:
f2b6cb53d244bc8b67108a7c246be8494b80b2337ec5a615718738cc152c2a62 3186
vim_9.1.1766-1.dsc
c4c3e86873464b181019621bb040c06b0c842601828f4242a03ed8882bb45a68 12504408
vim_9.1.1766.orig.tar.xz
8d27553be8ad0b5ae3e7921d31edc788a5deaf3f479844ea63c6004b83a7a75e 192116
vim_9.1.1766-1.debian.tar.xz
93dfb12efe067fa176a6a18e42da02c8f2c993ef11eaa10abf8cdce1ad06aa03 34371828
vim_9.1.1766-1.git.tar.xz
cbaab6d2e1aa45227a3a583f9a530ef20919a0f8e93b9857af7f6db244826dc4 18216
vim_9.1.1766-1_source.buildinfo
Files:
c102f15b14c6903ce7f947f694a6f8ed 3186 editors optional vim_9.1.1766-1.dsc
c7bdb922ec6d7067cb63c5f8c9f0f378 12504408 editors optional
vim_9.1.1766.orig.tar.xz
99ed717578009fc39b06d3cef7420717 192116 editors optional
vim_9.1.1766-1.debian.tar.xz
6b33c733b793e4117161d00cb5c5157b 34371828 editors optional
vim_9.1.1766-1.git.tar.xz
999bf9080b97d5e38b5082f2c68b7d8f 18216 editors optional
vim_9.1.1766-1_source.buildinfo
Git-Tag-Info: tag=4cedce4f77f065d5bb05aa9e4d942090f0ce8ea8
fp=91bfbf4d6956bd5df7b72d23dfe691ae331ba3db
Git-Tag-Tagger: James McCoy <[email protected]>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmjTTM4ACgkQYG0ITkaD
wHknpg/9EIID13T/6dCCLlvlCe3wN8Rz3ZzTB+tRQb3/qSrrEOqyc6HQJTd1ckPu
2z9RenhdoutxGfc2a3Ldx/RWwOGKHVHIh26CJXrp3gEDBtW5io40Q0QzXm/RMQgi
hJxpkWi/uiDl2Sn60D3pQU+rBdI/wRgtLt8nwaHZ0qXfTAtU950/UZXm9FdDS8K5
bqunrDkYfdN0vLFKJ6M1rHmtaZsbUEdysuObzZZo7mjcYii4WrYwVdgdf+ax6jm9
nW1gcW0S/IElAIVHcPeA55ynwfXK0g+J93aZKVUG4I2uKI9VI1vxeCtchmCheo4H
Jo57TgwAdtPqIagkfAVIt6ZYvCFDN2ppaofEgWASB6P7Fqhvy4NC4nDwWD4aSQnr
dFzDXDx+0Co+ybimPzs7SNgygWuG9xo0csP55PrjkzHrjLtengN2L4ISrYjjWMpl
BjYbxekEetjsH7BXhf3iL7APfV2QuGhhS4SCq46xcaU2steMMQs1p+F9rn/0tilj
oHKLVwJZeUHpTeUOWdJcOdulrQE5xyk7XclcC+LniHVngGlSGJEVdiWuS/hz7UQZ
0WN5BediX84dwLp2J9JUwMmlPN3HCWCQurowCDkj5XvaJlmcBM3zBaK3umeHqPG9
pX9V/86cezFNOdewtX3ZXWUXsWe1Y491jxhorwrXKy9E6xXJonU=
=SN8n
-----END PGP SIGNATURE-----
pgp6hPsGw1ozO.pgp
Description: PGP signature
--- End Message ---
