29730 – vim new security issue CVE-2021-4019

Bug 29730 - vim new security issue CVE-2021-4019

Summary: vim new security issue CVE-2021-4019

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2021-12-05 16:41 CET by David Walser
Modified:	2021-12-08 21:05 CET (History)
CC List:	6 users (show)

See Also:
Source RPM:	vim-8.2.3642-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-12-05 16:41:11 CET

Fedora has issued an advisory on December 4:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DRPAI5JVZLI7WHWSBR6NWAPBQAYUQREW/

The issue is fixed upstream in 8.2.3669.

Comment 1 Lewis Smith 2021-12-05 17:39:34 CET

This is definitely for Thierry.
How things move fast: 8.2.3642 was committed just 12d ago, but 8.2.3717 is already in Cauldron!

Assignee: bugsquad => thierry.vignaud

Comment 2 Nicolas Lécureuil 2021-12-05 22:36:50 CET

fixed in mga8:

src:
   - vim-8.2.3717-1.mga8

CC: (none) => mageia, thierry.vignaud
Assignee: thierry.vignaud => qa-bugs

Comment 3 David Walser 2021-12-06 04:12:33 CET

vim-X11-8.2.3717-1.mga8
vim-enhanced-8.2.3717-1.mga8
vim-minimal-8.2.3717-1.mga8
vim-common-8.2.3717-1.mga8

from vim-8.2.3717-1.mga8.src.rpm

Comment 4 Herman Viaene 2021-12-06 13:26:25 CET

MGA8-64 Plasma on Lenovo B50
No installation issues.
Used vimx to edit some text file: works OK

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 5 Thomas Andrews 2021-12-07 14:05:26 CET

Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2021-12-08 01:29:27 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 6 Mageia Robot 2021-12-08 21:05:38 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0545.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.