Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/vim: security bump to version 8.2.4980
@ 2022-05-18 21:27 Fabrice Fontaine
  2022-05-30 20:55 ` Thomas Petazzoni via buildroot
  2022-06-06 12:32 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2022-05-18 21:27 UTC (permalink / raw)
  To: buildroot; +Cc: Fabrice Fontaine

Fix CVE-2022-1619: Heap-based Buffer Overflow in function
cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This
vulnerabilities are capable of crashing software, modify memory, and
possible remote execution

Fix CVE-2022-1620: NULL Pointer Dereference in function
vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior
to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at
regexp.c:2729 allows attackers to cause a denial of service (application
crash) via a crafted input.

Fix CVE-2022-1621: Heap buffer overflow in vim_strncpy find_word in
GitHub repository vim/vim prior to 8.2.4919. This vulnerability is
capable of crashing software, Bypass Protection Mechanism, Modify
Memory, and possible remote execution

Fix CVE-2022-1629: Buffer Over-read in function find_next_quote in
GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are
capable of crashing software, Modify Memory, and possible remote
execution

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/vim/vim.hash | 2 +-
 package/vim/vim.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/vim/vim.hash b/package/vim/vim.hash
index 1cd0de9991..9d61d6fc87 100644
--- a/package/vim/vim.hash
+++ b/package/vim/vim.hash
@@ -1,4 +1,4 @@
 # Locally computed
-sha256  f2755fca3b2f47052166dd601a38411b9adbeca0d43885194db8ada4d1a171a3  vim-8.2.4843.tar.gz
+sha256  5606a3c62dba038f4c4f2eddb305ffccbae58a7bfd569bdb8100f524564c8a32  vim-8.2.4980.tar.gz
 sha256  0bcab3b635dd39208c42b496568d1e8171dad247cf3da5bab3d750c9d5883499  LICENSE
 sha256  96970b67f9cb38b0e759946cff22562a3c4b11ce78f62f2117d5e7ecded9ab4d  README.txt
diff --git a/package/vim/vim.mk b/package/vim/vim.mk
index be96a08d09..9e70360b90 100644
--- a/package/vim/vim.mk
+++ b/package/vim/vim.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-VIM_VERSION = 8.2.4843
+VIM_VERSION = 8.2.4980
 VIM_SITE = $(call github,vim,vim,v$(VIM_VERSION))
 VIM_DEPENDENCIES = ncurses $(TARGET_NLS_DEPENDENCIES)
 VIM_SUBDIR = src
-- 
2.35.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/vim: security bump to version 8.2.4980
  2022-05-18 21:27 [Buildroot] [PATCH 1/1] package/vim: security bump to version 8.2.4980 Fabrice Fontaine
@ 2022-05-30 20:55 ` Thomas Petazzoni via buildroot
  2022-06-06 12:32 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2022-05-30 20:55 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: buildroot

On Wed, 18 May 2022 23:27:40 +0200
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> Fix CVE-2022-1619: Heap-based Buffer Overflow in function
> cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This
> vulnerabilities are capable of crashing software, modify memory, and
> possible remote execution
> 
> Fix CVE-2022-1620: NULL Pointer Dereference in function
> vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior
> to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at
> regexp.c:2729 allows attackers to cause a denial of service (application
> crash) via a crafted input.
> 
> Fix CVE-2022-1621: Heap buffer overflow in vim_strncpy find_word in
> GitHub repository vim/vim prior to 8.2.4919. This vulnerability is
> capable of crashing software, Bypass Protection Mechanism, Modify
> Memory, and possible remote execution
> 
> Fix CVE-2022-1629: Buffer Over-read in function find_next_quote in
> GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are
> capable of crashing software, Modify Memory, and possible remote
> execution
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/vim/vim.hash | 2 +-
>  package/vim/vim.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/vim: security bump to version 8.2.4980
  2022-05-18 21:27 [Buildroot] [PATCH 1/1] package/vim: security bump to version 8.2.4980 Fabrice Fontaine
  2022-05-30 20:55 ` Thomas Petazzoni via buildroot
@ 2022-06-06 12:32 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-06-06 12:32 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fix CVE-2022-1619: Heap-based Buffer Overflow in function
 > cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This
 > vulnerabilities are capable of crashing software, modify memory, and
 > possible remote execution

 > Fix CVE-2022-1620: NULL Pointer Dereference in function
 > vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior
 > to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at
 > regexp.c:2729 allows attackers to cause a denial of service (application
 > crash) via a crafted input.

 > Fix CVE-2022-1621: Heap buffer overflow in vim_strncpy find_word in
 > GitHub repository vim/vim prior to 8.2.4919. This vulnerability is
 > capable of crashing software, Bypass Protection Mechanism, Modify
 > Memory, and possible remote execution

 > Fix CVE-2022-1629: Buffer Over-read in function find_next_quote in
 > GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are
 > capable of crashing software, Modify Memory, and possible remote
 > execution

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2022.02.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-06-06 12:32 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-05-18 21:27 [Buildroot] [PATCH 1/1] package/vim: security bump to version 8.2.4980 Fabrice Fontaine
2022-05-30 20:55 ` Thomas Petazzoni via buildroot
2022-06-06 12:32 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox