Bug 30503

Summary: vim new security issues CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1886, CVE-2022-189[78], CVE-2022-1927, CVE-2022-1942, CVE-2022-1968
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: andrewsfarm, davidwhodgins, mageia, sysadmin-bugs, tarazed25, thierry.vignaud
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: vim-8.2.4975-1.mga8.src.rpm CVE:
Status comment:

Description David Walser 2022-06-03 00:07:17 CEST 
Fedora has issued an advisory today (June 2):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/

The issues are fixed upstream in 8.2.5037.
David Walser 2022-06-03 00:07:36 CEST

Status comment: (none) => Fixed upstream in 8.2.5037

Comment 1 Lewis Smith 2022-06-05 08:37:52 CEST 
vim is Thierry's baby, so assigning to you.
I see you have already committed an even more recent version 8.2.5052 in Cauldron.

Assignee: bugsquad => thierry.vignaud

Comment 2 Nicolas Lécureuil 2022-06-06 21:39:13 CEST 
pushed in mga8

src:
    - vim-8.2.5052-1.mga8

CC: (none) => mageia, thierry.vignaud
Assignee: thierry.vignaud => qa-bugs
Status comment: Fixed upstream in 8.2.5037 => (none)

Comment 3 David Walser 2022-06-08 00:24:24 CEST 
vim-X11-8.2.5052-1.mga8
vim-enhanced-8.2.5052-1.mga8
vim-minimal-8.2.5052-1.mga8
vim-common-8.2.5052-1.mga8

from vim-8.2.5052-1.mga8.src.rpm
Comment 4 Len Lawrence 2022-06-08 14:59:07 CEST 
mga8, x64

Packages updated OK.
Edited some program scripts>  Automatic indenting and syntax highlighting work as before.  No regressions evident  in the common commands, inline or in command mode.  These are fine for 64-bits.

CC: (none) => tarazed25
Whiteboard: (none) => MGA8-64-OK

Comment 5 David Walser 2022-06-08 18:55:02 CEST 
Fedora has issued an advisory on June 7:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/

It fixes two additional issues fixed upstream in 8.2.5043.

Summary: vim new security issues CVE-2022-1851, CVE-2022-189[78], CVE-2022-1927 => vim new security issues CVE-2022-1851, CVE-2022-1886, CVE-2022-189[78], CVE-2022-1927, CVE-2022-1942

Comment 6 Thomas Andrews 2022-06-09 04:04:24 CEST 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-06-09 20:30:46 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 7 Mageia Robot 2022-06-09 22:50:50 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0223.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 8 David Walser 2022-06-16 23:11:08 CEST 
This update also fixed CVE-2022-1785 CVE-2022-1796:
https://lists.suse.com/pipermail/sle-security-updates/2022-June/011301.html
Comment 10 David Walser 2022-06-21 23:14:46 CEST 
This update also fixed CVE-2022-1968:
https://www.debian.org/lts/security/2022/dla-3053

Summary: vim new security issues CVE-2022-1851, CVE-2022-1886, CVE-2022-189[78], CVE-2022-1927, CVE-2022-1942 => vim new security issues CVE-2022-1851, CVE-2022-1886, CVE-2022-189[78], CVE-2022-1927, CVE-2022-1942, CVE-2022-1968

David Walser 2022-06-30 19:58:58 CEST

Summary: vim new security issues CVE-2022-1851, CVE-2022-1886, CVE-2022-189[78], CVE-2022-1927, CVE-2022-1942, CVE-2022-1968 => vim new security issues CVE-2022-1785, CVE-2022-1796, CVE-2022-1851, CVE-2022-1886, CVE-2022-189[78], CVE-2022-1927, CVE-2022-1942, CVE-2022-1968