Bug 29444 - vim new security issue CVE-2021-3770
Summary: vim new security issue CVE-2021-3770
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2021-09-07 20:00 CEST by David Walser
Modified: 2021-09-13 02:07 CEST (History)
5 users (show)

See Also:
Source RPM: vim-8.2.2143-2.mga8.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2021-09-07 20:00:39 CEST
Fedora has issued an advisory today (September 7):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/J2CJLY3CF55I2ULG2X4ENXLSXAXYW5J4/

The issue is fixed upstream in 8.2.3402:
https://bugzilla.redhat.com/show_bug.cgi?id=2001929

I'm not sure if neovim is affected.
David Walser 2021-09-07 20:01:18 CEST

CC: (none) => thierry.vignaud
Status comment: (none) => Fixed upstream in 8.2.3402

Comment 1 Nicolas Lécureuil 2021-09-08 10:16:43 CEST
New vim package:

src:
    - vim-8.2.2143-3.1.mga8


i took a look and seems this is not valid on neovim.

Assignee: bugsquad => qa-bugs
Status comment: Fixed upstream in 8.2.3402 => (none)
CC: (none) => mageia

Comment 2 David Walser 2021-09-08 23:07:11 CEST
Package list:
vim-X11-8.2.2143-3.1.mga8
vim-enhanced-8.2.2143-3.1.mga8
vim-minimal-8.2.2143-3.1.mga8
vim-common-8.2.2143-3.1.mga8

from vim-8.2.2143-3.1.mga8.src.rpm
Comment 3 Len Lawrence 2021-09-11 19:10:56 CEST
mga8, x64

Updated the four packages.
vim working as expected; mode switching, keystroke commands, copy&paste.  Tried :q, :q! and :wq exit commands.
Tried editing filelist and using the :next command - worked fine.
Tried unfamiliar commands like search back (:?pattern) and forwards (;/).  Looks like those work.   
Researched tags but found they apply to code only and come in several varieties.  Not today thank you.

This looks OK for 64-bits.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => tarazed25

Comment 4 Thomas Andrews 2021-09-13 02:07:53 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs


Note You need to log in before you can comment on or make changes to this bug.