From: Pavel Zhukov <pavel@zhukoff.net>
To: Alexander Kanavin <alex.kanavin@gmail.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>,
openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH] vim: Upgrade 9.0.0242 -> 9.0.0341
Date: Wed, 31 Aug 2022 18:20:44 +0200 [thread overview]
Message-ID: <877d2ojsbh.fsf@gentoo.zhukoff.net> (raw)
In-Reply-To: <CANNYZj8T_Cntva5-+YXX7Dzhf2YJNOyPkbbEYWWZAmHUm4g3xA@mail.gmail.com>
"Alexander Kanavin" <alex.kanavin@gmail.com> writes:
> I have to wonder, what is really going on there? :-) This never ending
> stream of CVEs makes vim formally the most insecure item in core. Does
> anyone know?
Is it rhetorical question? :)
Vim has very old codebase and nobody carried about security at that
time.
There were few attemps to rewrite vim recently (neovim for example) but
I don't know the outcome.
>
> Alex
>
> On Wed, 31 Aug 2022 at 18:07, Richard Purdie
> <richard.purdie@linuxfoundation.org> wrote:
>>
>> Addresses CVE-2022-2980, CVE-2022-2946 and CVE-2022-2982.
>>
>> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
>> ---
>> meta/recipes-support/vim/vim.inc | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
>> index 5b95ab2625c..33a82992433 100644
>> --- a/meta/recipes-support/vim/vim.inc
>> +++ b/meta/recipes-support/vim/vim.inc
>> @@ -20,8 +20,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
>> file://no-path-adjust.patch \
>> "
>>
>> -PV .= ".0242"
>> -SRCREV = "171c683237149262665135c7d5841a89bb156f53"
>> +PV .= ".0341"
>> +SRCREV = "92a3d20682d46359bb50a452b4f831659e799155"
>>
>> # Remove when 8.3 is out
>> UPSTREAM_VERSION_UNKNOWN = "1"
>> --
>> 2.34.1
>>
>>
>>
>>
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#170135): https://lists.openembedded.org/g/openembedded-core/message/170135
> Mute This Topic: https://lists.openembedded.org/mt/93374420/6390638
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [pavel@zhukoff.net]
> -=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2022-08-31 16:24 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-31 16:07 [PATCH] vim: Upgrade 9.0.0242 -> 9.0.0341 Richard Purdie
2022-08-31 16:17 ` [OE-core] " Alexander Kanavin
2022-08-31 16:20 ` Pavel Zhukov [this message]
2022-08-31 16:21 ` Richard Purdie
2022-08-31 16:30 ` Alexander Kanavin
2022-08-31 16:40 ` Khem Raj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877d2ojsbh.fsf@gentoo.zhukoff.net \
--to=pavel@zhukoff.net \
--cc=alex.kanavin@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=richard.purdie@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox