Bug 19829

Debian has issued an advisory for this today (November 22):
https://www.debian.org/security/2016/dsa-3722

Debian-LTS has issued an advisory today (February 13):
https://lwn.net/Alerts/714402/

This fixes an additional issue, CVE-2017-5953:
https://lwn.net/Vulnerabilities/714427/

The upstream commit to fix the issue is linked from the Debian bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854969

The fix was included in 8.0.0322, so Cauldron will need to be updated too.

Version: 5 => Cauldron
Summary: vim new security issue CVE-2016-1248 => vim new security issues CVE-2016-1248 and CVE-2017-5953
Whiteboard: (none) => MGA5TOO

Fedora has issued an advisory today (March 1):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JYVF3KT6EAEDFGLP5STYMQ7VRJDMK66G/

It fixes two additional security issues.

Summary: vim new security issues CVE-2016-1248 and CVE-2017-5953 => vim new security issues CVE-2016-1248, CVE-2017-5953, CVE-2017-6349, CVE-2017-6350

we have vim 8.0-388 so it is OK in cauldron

Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)
CVE: (none) => CVE-2016-1248, CVE-2017-5953, CVE-2017-6349, CVE-2017-6350

pushed in updates_testing for mageia 5
src.rpm:
        vim-7.4.430-7.1.mga5

Assignee: thierry.vignaud => qa-bugs

Advisory:
========================

Updated vim packages fix security vulnerabilities:

Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor,
does not properly validate values for the "filetype", "syntax" and "keymap"
options, which may result in the execution of arbitrary code if a file with a
specially crafted modeline is opened (CVE-2016-1248).

A vulnerability has been discovered in Vim where a malformed spell file could
cause an integer overflow which is used as the size for memory allocation,
resulting in a subsequent buffer overflow (CVE-2017-5953).

An integer overflow flaw was found in the way vim handled undo files. This bug
could result in vim crashing when trying to process corrupted undo files
(CVE-2017-6349).

An integer overflow flaw was found in the way vim handled tree length values
when reading an undo file. This bug could result in vim crashing when trying
to process corrupted undo files (CVE-2017-6350).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6350
https://www.debian.org/security/2016/dsa-3722
https://www.debian.org/security/2017/dsa-3786
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JYVF3KT6EAEDFGLP5STYMQ7VRJDMK66G/
========================

Updated packages in core/updates_testing:
========================
vim-common-7.4.430-7.1.mga5
vim-minimal-7.4.430-7.1.mga5
vim-enhanced-7.4.430-7.1.mga5
vim-X11-7.4.430-7.1.mga5

from vim-7.4.430-7.1.mga5.src.rpm

Installed and tested without issues. There is no specific test procedure so I did some usual editing.

$ rpm -qa | grep vim
vim-common-7.4.430-7.1.mga5
vim-enhanced-7.4.430-7.1.mga5
vim-minimal-7.4.430-7.1.mga5

Whiteboard: (none) => MGA5-64-OK
CC: (none) => mageia

Advisory uploaded, validating.

Whiteboard: MGA5-64-OK => advisory MGA5-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0275.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED