Re: [Buildroot] [PATCH 1/1] package/vim: security bump to version 8.2.4980

From: Peter Korsgaard <peter@korsgaard.com>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] package/vim: security bump to version 8.2.4980
Date: Mon, 06 Jun 2022 14:32:13 +0200	[thread overview]
Message-ID: <875ylevupe.fsf@dell.be.48ers.dk> (raw)
In-Reply-To: <20220518212740.464658-1-fontaine.fabrice@gmail.com> (Fabrice Fontaine's message of "Wed, 18 May 2022 23:27:40 +0200")

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fix CVE-2022-1619: Heap-based Buffer Overflow in function
 > cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This
 > vulnerabilities are capable of crashing software, modify memory, and
 > possible remote execution

 > Fix CVE-2022-1620: NULL Pointer Dereference in function
 > vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior
 > to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at
 > regexp.c:2729 allows attackers to cause a denial of service (application
 > crash) via a crafted input.

 > Fix CVE-2022-1621: Heap buffer overflow in vim_strncpy find_word in
 > GitHub repository vim/vim prior to 8.2.4919. This vulnerability is
 > capable of crashing software, Bypass Protection Mechanism, Modify
 > Memory, and possible remote execution

 > Fix CVE-2022-1629: Buffer Over-read in function find_next_quote in
 > GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are
 > capable of crashing software, Modify Memory, and possible remote
 > execution

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2022.02.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot