Bug 31422

This is unambiguously for tv.

Assignee: bugsquad => thierry.vignaud

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. (CVE-2023-0049)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0049
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3Y752EAVACVC5XY2TMGGOAIU25VQRPDW/
========================

Updated packages in core/updates_testing:
========================
vim-common-9.0.1221-1.mga8
vim-enhanced-9.0.1221-1.mga8
vim-minimal-9.0.1221-1.mga8
vim-X11-9.0.1221-1.mga8

from SRPM:
vim-9.0.1221-1.mga8.src.rpm

Version: Cauldron => 8
CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Assignee: thierry.vignaud => qa-bugs
Whiteboard: MGA8TOO => (none)
Status comment: Fixed upstream in 9.0.1143 => (none)
CVE: (none) => CVE-2023-0049

mga8, x64

Clean update.  Picked a random text document and tried out command mode and insertion mode:

$ vim output
.....
:version
VIM - Vi IMproved 9.0 (2022 Jun 28, compiled Jan 23 2023 14:07:43)
Included patches: 1-1221
Compiled by ns80 <ns80>
Huge version without GUI.  Features included (+) or not (-):
+acl               +file_in_path      +mouse_urxvt       -tag_any_white
+arabic            +find_in_path      +mouse_xterm       +tcl
+autocmd           +float             +multi_byte        +termguicolors
[...]
vim-9.0 vim-9 version-9.0 version9.0
Welcome to Vim 9!  Several years have passed since the previous release.
......
<crashed out

$ vim output
E325: ATTENTION
Found a swap file by the name ".output.swp"
          owned by: lcl   dated: Mon Jan 23 18:42:01 2023
         file name: ~lcl/docs/output
          modified: no
         user name: lcl   host name: canopus
        process ID: 1902692 (STILL RUNNING)
.......
Swap file ".output.swp" already exists!
[O]pen Read-Only, (E)dit anyway, (R)ecover, (Q)uit, (A)bort: 

E

%!PS-Adobe-3.0
%%Title: bindoc
%%For: Len Lawrence
%%Creator: a2ps version 4.14
%%CreationDate: Sat Jan 14 15:13:09 2023
--------------------------------------------------------------------------

Used various commands to modify the text:
character deletion       x
line deletion            dd
restore                  p
change to insertion mode i or a or b == immediate, after, before
Esc to return to command mode

/ text   Find text (just like less/more)  Return to continue.
Line numbers and cursor position appear at the bottom of the window.
In command mode v switches on VISUAL which seems to mean highlighting traversed text when moving up or down the file and picking out paired parentheses and braces on the current line.
Tried out ways to quit in successive tests.

Esc :q
E37: No write since last change (add ! to override)
:q!
Works.
Restart, edit a few lines.
Esc :wq

File saved with changes.
Note also that the Postscript code was colour coded. The colour scheme may be universal.  Ruby code is coloured the same way emacs does it.

Just scratching the surface but vim seems to work without regressions.

CC: (none) => tarazed25
Whiteboard: (none) => MGA8-64-OK

Advisory committed to svn. Validating based on comment 3

Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0021.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

This update also fixed CVE-2023-0054, CVE-2023-0288:
https://ubuntu.com/security/notices/USN-5836-1

This update also fixed CVE-2023-0051:
https://lists.suse.com/pipermail/sle-security-updates/2023-January/013596.html

(In reply to David Walser from comment #7)
> This update also fixed CVE-2023-0051:
> https://lists.suse.com/pipermail/sle-security-updates/2023-January/013596.
> html

openSUSE reference:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YTSMWBSYCUOQ5M745FWM6JT2JSX5KYBG/