29501 – vim new security issues CVE-2021-3778 and CVE-2021-3796

Bug 29501 - vim new security issues CVE-2021-3778 and CVE-2021-3796

Summary: vim new security issues CVE-2021-3778 and CVE-2021-3796

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2021-09-29 00:36 CEST by David Walser
Modified:	2021-10-20 23:29 CEST (History)
CC List:	6 users (show)

See Also:
Source RPM:	vim-8.2.2143-3.1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-09-29 00:36:21 CEST

Ubuntu has issued an advisory today (September 28):
https://ubuntu.com/security/notices/USN-5093-1

The issues are fixed upstream in 8.2.3428.

David Walser 2021-09-29 00:36:31 CEST

Status comment: (none) => Fixed upstream in 8.2.3428

Comment 1 Marja Van Waes 2021-09-29 20:06:55 CEST

Assigning to the registered maintainer

Assignee: bugsquad => thierry.vignaud
CC: (none) => marja11

Comment 2 David Walser 2021-10-01 16:10:46 CEST

More info on these CVEs (the first one here was fixed in Bug 29444):
https://www.openwall.com/lists/oss-security/2021/10/01/1

Comment 3 Nicolas Lécureuil 2021-10-17 20:51:27 CEST

Fixed in mga8/9


src:
    - vim-8.2.2143-3.1.mga8

Assignee: thierry.vignaud => qa-bugs
CC: (none) => mageia
Status comment: Fixed upstream in 8.2.3428 => (none)

Comment 4 David Walser 2021-10-17 20:58:12 CEST

vim-X11-8.2.2143-3.1.mga8
vim-enhanced-8.2.2143-3.1.mga8
vim-minimal-8.2.2143-3.1.mga8
vim-common-8.2.2143-3.1.mga8

from vim-8.2.2143-3.1.mga8.src.rpm

Comment 5 Nicolas Lécureuil 2021-10-17 21:11:25 CEST

Sorry forgot to bump rel

rpms:

vim-X11-8.2.2143-3.2.mga8
vim-enhanced-8.2.2143-3.2.mga8
vim-minimal-8.2.2143-3.2.mga8
vim-common-8.2.2143-3.2.mga8

from vim-8.2.2143-3.2.mga8.src.rpm

Comment 6 Herman Viaene 2021-10-18 11:22:00 CEST

MGA8-64 Plasma on Lenovo B50
No installation issues.
Could do a little editinng on a txt file, searching deep into my memory for the vi commands. Worked OK.
No further comments :-(

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 7 Thomas Andrews 2021-10-18 16:24:35 CEST

Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 8 David Walser 2021-10-18 21:38:44 CEST

Fedora has issued an advisory for this on October 16:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/

Dave Hodgins 2021-10-20 21:24:49 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 9 Mageia Robot 2021-10-20 23:29:57 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0481.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.