Bug 29730

Summary: vim new security issue CVE-2021-4019
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: andrewsfarm, davidwhodgins, herman.viaene, mageia, sysadmin-bugs, thierry.vignaud
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: vim-8.2.3642-1.mga8.src.rpm CVE:
Status comment:

Description David Walser 2021-12-05 16:41:11 CET 
Fedora has issued an advisory on December 4:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DRPAI5JVZLI7WHWSBR6NWAPBQAYUQREW/

The issue is fixed upstream in 8.2.3669.
Comment 1 Lewis Smith 2021-12-05 17:39:34 CET 
This is definitely for Thierry.
How things move fast: 8.2.3642 was committed just 12d ago, but 8.2.3717 is already in Cauldron!

Assignee: bugsquad => thierry.vignaud

Comment 2 Nicolas Lécureuil 2021-12-05 22:36:50 CET 
fixed in mga8:

src:
   - vim-8.2.3717-1.mga8

CC: (none) => mageia, thierry.vignaud
Assignee: thierry.vignaud => qa-bugs

Comment 3 David Walser 2021-12-06 04:12:33 CET 
vim-X11-8.2.3717-1.mga8
vim-enhanced-8.2.3717-1.mga8
vim-minimal-8.2.3717-1.mga8
vim-common-8.2.3717-1.mga8

from vim-8.2.3717-1.mga8.src.rpm
Comment 4 Herman Viaene 2021-12-06 13:26:25 CET 
MGA8-64 Plasma on Lenovo B50
No installation issues.
Used vimx to edit some text file: works OK

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 5 Thomas Andrews 2021-12-07 14:05:26 CET 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2021-12-08 01:29:27 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 6 Mageia Robot 2021-12-08 21:05:38 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0545.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED