Bug 30561

Summary: vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-228[4-9], CVE-2022-2304, CVE-2022-234[3-5]
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: andrewsfarm, davidwhodgins, herman.viaene, nicolas.salguero, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: vim-8.2.5052-1.mga8.src.rpm CVE: CVE-2022-2522, CVE-2022-2571, CVE-2022-258[01], CVE-2022-2598, CVE-2022-281[679], CVE-2022-284[59], CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-298[02], CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-323[45]
Status comment:

Description David Walser 2022-06-17 16:40:28 CEST 
Fedora has issued an advisory today (June 17):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JJNUS4AEVYSEJMCK6JZB57QHD5V2G4O/

The issue is fixed upstream in 8.2.5063.
David Walser 2022-06-17 16:40:38 CEST

Status comment: (none) => Fixed upstream in 8.2.5063

Comment 1 Lewis Smith 2022-06-17 21:37:31 CEST 
Assigning to tv who looks after vim.

Assignee: bugsquad => thierry.vignaud

Comment 2 David Walser 2022-06-21 23:15:47 CEST 
Debian-LTS has issued an advisory on June 20:
https://www.debian.org/lts/security/2022/dla-3053

It fixes two new issues that are fixed upstream in 8.2.5123.

Status comment: Fixed upstream in 8.2.5063 => Fixed upstream in 8.2.5123
Summary: vim new security issue CVE-2022-2000 => vim new security issues CVE-2022-2000, CVE-2022-2124, CVE-2022-2126

Comment 3 David Walser 2022-06-25 19:07:11 CEST 
Ubuntu has issued an advisory on June 23:
https://ubuntu.com/security/notices/USN-5492-1

The issue is fixed upstream in 8.2.5072.

Summary: vim new security issues CVE-2022-2000, CVE-2022-2124, CVE-2022-2126 => vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-2124, CVE-2022-2126

Comment 4 David Walser 2022-06-30 20:19:25 CEST 
Fedora has issued an advisory today (June 30):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/

It fixes several new issues that are fixed upstream in 8.2.5169.

Summary: vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-2124, CVE-2022-2126 => vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231
Status comment: Fixed upstream in 8.2.5123 => Fixed upstream in 8.2.5169

Comment 5 David Walser 2022-07-14 19:25:47 CEST 
Fedora has issued an advisory today (July 14):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/

It fixes several new issues that are fixed upstream in 9.0.0035.

Summary: vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231 => vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-228[5-9], CVE-2022-2264, CVE-2022-2304
Status comment: Fixed upstream in 8.2.5169 => Fixed upstream in 9.0.0035

Comment 6 David Walser 2022-07-22 17:12:03 CEST 
Fedora has issued an advisory on July 21:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/

It fixes three new issues that are fixed upstream in 9.0.0047.

Summary: vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-228[5-9], CVE-2022-2264, CVE-2022-2304 => vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-228[5-9], CVE-2022-2264, CVE-2022-2304, CVE-2022-234[3-5]
Status comment: Fixed upstream in 9.0.0035 => Fixed upstream in 9.0.0047

Comment 7 David Walser 2022-08-23 18:33:27 CEST 
Fedora has issued an advisory today (August 23):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/

It fixes three new issues that are fixed upstream in 9.0.0213.

Summary: vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-228[5-9], CVE-2022-2264, CVE-2022-2304, CVE-2022-234[3-5] => vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-228[5-9], CVE-2022-2264, CVE-2022-2304, CVE-2022-234[3-5],CVE-2022-281[679]
Status comment: Fixed upstream in 9.0.0047 => Fixed upstream in 9.0.0213

Comment 8 David Walser 2022-09-01 23:23:55 CEST 
Fedora has issued an advisory today (September 1):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/

It fixes four new issues that are fixed upstream in 9.0.0245.

CVEs have overflowed from the subject into the CVEs field again...

CVE: (none) => CVE-2022-2845, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946
Status comment: Fixed upstream in 9.0.0213 => Fixed upstream in 9.0.0245

Comment 9 David Walser 2022-09-06 21:25:41 CEST 
Fedora has issued an advisory on September 4:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/

It fixes one new issue that is fixed upstream in 9.0.0322.

CVE: CVE-2022-2845, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946 => CVE-2022-2845, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-3037
Status comment: Fixed upstream in 9.0.0245 => Fixed upstream in 9.0.0322

Comment 10 David Walser 2022-09-09 19:36:59 CEST 
SUSE has issued an advisory on September 9:
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012199.html

It includes several other CVEs that will be fixed in this update.

Summary: ,CVE-2022-281[679] => (none)
CVE: CVE-2022-2845, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-3037 => CVE-2022-2522, CVE-2022-2571, CVE-2022-258[01], CVE-2022-2598, CVE-2022-281[679], CVE-2022-284[59], CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-3016, CVE-2022-3037
Summary: vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-228[5-9], CVE-2022-2264, CVE-2022-2304, CVE-2022-234[3-5] => vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-228[4-9], CVE-2022-2304, CVE-2022-234[3-5]

David Walser 2022-09-09 19:38:57 CEST

Summary: vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-228[4-9], CVE-2022-2304, CVE-2022-234[3-5] => vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-228[4-9], CVE-2022-2304, CVE-2022-234[3-5]

Comment 11 David Walser 2022-09-09 19:40:23 CEST 
(In reply to David Walser from comment #10)
> SUSE has issued an advisory on September 9:
> https://lists.suse.com/pipermail/sle-security-updates/2022-September/012199.
> html
> 
> It includes several other CVEs that will be fixed in this update.

Equivalent openSUSE advisory:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JUQDO2AKYFBQGJNMY6TUKLRL7L6M3NZB/
Comment 12 David Walser 2022-09-14 23:09:34 CEST 
Fedora has issued an advisory today (September 14):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/

It fixes several more issues that are fixed upstream in 9.0.0360.

CVE: CVE-2022-2522, CVE-2022-2571, CVE-2022-258[01], CVE-2022-2598, CVE-2022-281[679], CVE-2022-284[59], CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-3016, CVE-2022-3037 => CVE-2022-2522, CVE-2022-2571, CVE-2022-258[01], CVE-2022-2598, CVE-2022-281[679], CVE-2022-284[59], CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-298[02], CVE-2022-3016, CVE-2022-3037, CVE-2022-3099
Status comment: Fixed upstream in 9.0.0322 => Fixed upstream in 9.0.0360

Comment 13 David Walser 2022-10-14 20:00:34 CEST 
Fedora has issued an advisory today (October 14):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/

It fixes several more issues that are fixed upstream in 9.0.0614.

Now the CVE field is also filled, so adding more CVEs to personal tags.

Status comment: Fixed upstream in 9.0.0360 => Fixed upstream in 9.0.0614
CVE: CVE-2022-2522, CVE-2022-2571, CVE-2022-258[01], CVE-2022-2598, CVE-2022-281[679], CVE-2022-284[59], CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-298[02], CVE-2022-3016, CVE-2022-3037, CVE-2022-3099 => CVE-2022-2522, CVE-2022-2571, CVE-2022-258[01], CVE-2022-2598, CVE-2022-281[679], CVE-2022-284[59], CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-298[02], CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-323[45]

Comment 14 David Walser 2022-10-14 20:01:27 CEST 
Doesn't look like anyone else can see personal tags.

CVE-2022-3256, CVE-2022-3278, CVE-2022-329[67], CVE-2022-3324, CVE-2022-3352

are the additional CVEs.
Comment 15 David Walser 2022-11-07 21:17:39 CET 
Fedora has issued an advisory on November 5:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK/

It fixes one additional issue that is fixed upstream in 9.0.0805.

It is CVE-2022-3705.

Status comment: Fixed upstream in 9.0.0614 => Fixed upstream in 9.0.0805

Comment 16 David Walser 2022-11-11 18:21:11 CET 
Debian-LTS has issued an advisory for this on November 8:
https://www.debian.org/lts/security/2022/dla-3182

It also notes that this update (if we ever do it) will fix CVE-2022-3134.
Comment 17 Nicolas Salguero 2022-11-16 12:23:36 CET 
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2000, CVE-2022-2129, CVE-2022-2210)

Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-2042)

Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2124, CVE-2022-2175)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125, CVE-2022-2182, CVE-2022-2207)

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126, CVE-2022-2183, CVE-2022-2206)

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286, CVE-2022-2287, CVE-2022-2288)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284)

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285)

Use After Free in GitHub repository vim/vim prior to 9.0. (CVE-2022-2289)

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344)

Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. (CVE-2022-2522)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. (CVE-2022-2571)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. (CVE-2022-2580)

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. (CVE-2022-2581)

Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100. (CVE-2022-2598)

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. (CVE-2022-2816)

Use After Free in GitHub repository vim/vim prior to 9.0.0213. (CVE-2022-2817)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. (CVE-2022-2819)

Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218. (CVE-2022-2845)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. (CVE-2022-2849)

Use After Free in GitHub repository vim/vim prior to 9.0.0221. (CVE-2022-2862)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. (CVE-2022-2874)

Use After Free in GitHub repository vim/vim prior to 9.0.0225. (CVE-2022-2889)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. (CVE-2022-2923)

Use After Free in GitHub repository vim/vim prior to 9.0.0246. (CVE-2022-2946)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. (CVE-2022-2980)

Use After Free in GitHub repository vim/vim prior to 9.0.0260. (CVE-2022-2982)

Use After Free in GitHub repository vim/vim prior to 9.0.0286. (CVE-2022-3016)

Use After Free in GitHub repository vim/vim prior to 9.0.0322. (CVE-2022-3037)

Use After Free in GitHub repository vim/vim prior to 9.0.0360. (CVE-2022-3099)

Use After Free in GitHub repository vim/vim prior to 9.0.0389. (CVE-2022-3134)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. (CVE-2022-3234)

Use After Free in GitHub repository vim/vim prior to 9.0.0490. (CVE-2022-3235)

Use After Free in GitHub repository vim/vim prior to 9.0.0530. (CVE-2022-3256)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. (CVE-2022-3278)

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. (CVE-2022-3296)

Use After Free in GitHub repository vim/vim prior to 9.0.0579. (CVE-2022-3297)

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. (CVE-2022-3324)

Use After Free in GitHub repository vim/vim prior to 9.0.0614. (CVE-2022-3352)

Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. (CVE-2022-3705)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2231
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2289
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2571
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2889
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3705
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JJNUS4AEVYSEJMCK6JZB57QHD5V2G4O/
https://www.debian.org/lts/security/2022/dla-3053
https://ubuntu.com/security/notices/USN-5492-1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012199.html
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JUQDO2AKYFBQGJNMY6TUKLRL7L6M3NZB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK/
https://www.debian.org/lts/security/2022/dla-3182
========================

Updated packages in core/updates_testing:
========================
vim-common-9.0.828-1.mga8
vim-enhanced-9.0.828-1.mga8
vim-minimal-9.0.828-1.mga8
vim-X11-9.0.828-1.mga8

from SRPM:
vim-9.0.828-1.mga8.src.rpm

CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Assignee: thierry.vignaud => qa-bugs
Status comment: Fixed upstream in 9.0.0805 => (none)

Comment 18 Herman Viaene 2022-11-18 17:03:53 CET 
MGA8-64 MATE on Acer Aspire 5253
No installation issues
Muddled around with basic commands as a, d, i, x. Edditing followed indenting of the java file OK. Wrote changes to the file and exited OK.
Good enough for me.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 19 Thomas Andrews 2022-11-18 17:57:57 CET 
Validating. Advisory in comment 17.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-11-18 22:28:49 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 20 Mageia Robot 2022-11-18 23:52:01 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0430.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

Comment 21 David Walser 2022-11-30 17:56:31 CET 
This update also fixed CVE-2022-3153:
https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html
Comment 22 David Walser 2022-11-30 18:00:19 CET 
(In reply to David Walser from comment #21)
> This update also fixed CVE-2022-3153:
> https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.
> html

Equivalent openSUSE advisory:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZR42N7RDVASXTO4OCBY3ISIU6INSOWWQ/
Comment 23 David Walser 2022-12-13 16:20:28 CET 
This update also fixed CVE-2022-3591:
https://ubuntu.com/security/notices/USN-5775-1
Comment 25 David Walser 2023-02-01 17:13:20 CET 
This update also fixed CVE-2022-47024:
https://ubuntu.com/security/notices/USN-5836-1