Ubuntu has issued an advisory on March 23: https://usn.ubuntu.com/4309-1/ The issue is fixed upstream in 8.1.2136.
CC: (none) => mramboStatus comment: (none) => Fixed upstream in 8.1.2136Assignee: bugsquad => thierry.vignaud
Updated package uploaded for Mageia 7. Advisory: ======================== Updated vim package fixes security vulnerability: It was discovered that the autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory (CVE-2019-20079). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20079 https://usn.ubuntu.com/4309-1/ ======================== Updated packages in core/updates_testing: ======================== vim-common-8.1.2136-1.mga7 vim-enhanced-8.1.2136-1.mga7 vim-minimal-8.1.2136-1.mga7 vim-X11-8.1.2136-1.mga7 from vim-8.1.2136-1.mga7.src.rpm
Assignee: thierry.vignaud => qa-bugs
MGA7-64 Plasma on Lenovo B50 No installation issues Tested by creating a new file and exercising the a, i, :w, :q , x and dd commands $ vim-enhanced testvim.txt $ more testvim.txt Een lijntje met rommel En nog wat er bij. $ vim-minimal testvim.txt $ more testvim.txt Een lijntje met rommel Nog eentje ertusschen. bybyobobboobbb ! g !è !! ooè!o!è En nog wat er bij. Nog wat erna. $ vim-minimal testvim.txt $ more testvim.txt Een lijntje met rommel Nog eentje ertussen. En nog wat er bij. Nog wat erna. I don't remember any other vi commands and I don't want to load my memory capacity with them. All looks OK
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
Beat me to it again Herman. Had been reading the documentation on autocmd. Since that is the area where the trouble lay it seemed worth testing. Lifted an autocmd example from the documentation and dumped it to a local .vimrc. :augroup gzip : autocmd! : autocmd BufReadPre,FileReadPre *.gz set bin : autocmd BufReadPost,FileReadPost *.gz '[,']!gunzip : autocmd BufReadPost,FileReadPost *.gz set nobin : autocmd BufReadPost,FileReadPost *.gz execute ":doautocmd BufReadPost " . expand("%:r") : autocmd BufWritePost,FileWritePost *.gz !mv <afile> <afile>:r : autocmd BufWritePost,FileWritePost *.gz !gzip <afile>:r : autocmd FileAppendPre *.gz !gunzip <afile> : autocmd FileAppendPre *.gz !mv <afile>:r <afile> : autocmd FileAppendPost *.gz !mv <afile> <afile>:r : autocmd FileAppendPost *.gz !gzip <afile>:r :augroup END Updated the four packages for mga7, x86_64. Created a small text file in tmp. $ gzip tmp/test.txt $ ll -rw-r--r-- 1 lcl lcl 155 Mar 27 10:21 test.txt.gz $ vim tmp/test.txt.gz <That worked - the text showed up in the buffer> <Added a few lines and saved it> $ ll tmp/test.txt.gz -rw-r--r-- 1 lcl lcl 206 Mar 27 10:26 tmp/test.txt.gz $ cd tmp $ gunzip test.txt.gz $ cat test.txt ------------------------------------------ | | | Twas brillig and the slithy toves | | Did gyre and and gimble in the wabe. | | All mimsy were the borogoves | | And the mome raths outgrabe. | | | ------------------------------------------ The Hunting of the Jabberwock Lewis Carroll aka the Reverend Charles Dodgson The attribution was added in the vim session, so the autocmd function works, if I understand the documentation. Reinforcing Herman's OK.
CC: (none) => tarazed25
Tag-teaming them now, eh? Great! Validating. Advisory in Comment 1.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0151.html
Status: NEW => RESOLVEDResolution: (none) => FIXED