| Summary: | vim new security issues CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-419[23], CVE-2021-46059 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, mageia, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | vim-8.2.3755-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2022-01-07 19:14:36 CET
David Walser
2022-01-07 19:14:46 CET
Status comment: (none) => Fixed upstream in vim 8.2.3923

fixed in mga8
src:
- vim-8.2.4006-1.mga8

Status comment: Fixed upstream in vim 8.2.3923 => (none)

vim-X11-8.2.4006-1.mga8
vim-enhanced-8.2.4006-1.mga8
vim-minimal-8.2.4006-1.mga8
vim-common-8.2.4006-1.mga8
from vim-8.2.4006-1.mga8.src.rpm

mga8, x64

vim has been in use here on and off. Updated the four packages. Edited copies of a few ruby files. Syntax highlighting works. Checked insert and command modes. Tried various commands like i,a,b,shift-l,r,x,d,p,Ctrl-h. Multiple undos work fine (u in command mode, default mode backwards, Ctrl-R to move forwards again).
:wq to save and quit.
Restarted on same file. Changed a character and quit without saving. :q!
Restarted on same file. Inserted a word and tried to quit without saving.
:q
"E37: No write since last change (add ! to override)"
:help vi_diff.txt split the window horizontally and presented the required help in the upper panel. Skimmed through it - there is a lot to read.
:exit to remove help window.
Leaving it there. No apparent regressions.

Whiteboard: (none) => MGA8-64-OK

Should have tried some of the related commands.
view works, displaying the text in readonly mode.
No evim.
gvim seems to be the same as vim apart from reversing the foreground/background colours.
rvim launches but gives errors on a plain text file - no idea about that one.
ex starts in Ex mode, whatever that is - the text is invisible but :visual resumes normal mode.
Esoterica for most of us probably.

Validating.

Keywords: (none) => validated_update
Dave Hodgins
2022-01-14 22:42:40 CET
Keywords: (none) => advisory

This update also fixes CVE-2021-46059:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/

Keywords: advisory => (none)

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0015.html

Resolution: (none) => FIXED

Two more CVEs fixed in this update...

CVE-2021-4193 vim is vulnerable to Out-of-bounds Read
8.2.3950
https://bugzilla.redhat.com/show_bug.cgi?id=2039687

CVE-2021-4192 vim is vulnerable to Use After Free
8.2.3949
https://bugzilla.redhat.com/show_bug.cgi?id=2039685

Summary: vim new security issues CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-46059 => vim new security issues CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-419[23], CVE-2021-46059