Fedora has issued an advisory today (January 7):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/
The issues are fixed upstream in vim 8.2.3923.
Status comment: (none) => Fixed upstream in vim 8.2.3923
fixed in mga8
src:
- vim-8.2.4006-1.mga8
Status comment: Fixed upstream in vim 8.2.3923 => (none)
Assignee: bugsquad => qa-bugs
CC: (none) => mageia
vim-X11-8.2.4006-1.mga8
vim-enhanced-8.2.4006-1.mga8
vim-minimal-8.2.4006-1.mga8
vim-common-8.2.4006-1.mga8
from vim-8.2.4006-1.mga8.src.rpm
mga8, x64
vim has been in use here on and off. Updated the four packages. Edited copies of a few ruby files. Syntax highlighting works. Checked insert and command modes. Tried various commands like i,a,b,shift-l,r,x,d,p,Ctrl-h. Multiple undos work fine (u in command mode, default mode backwards, Ctrl-R to move forwards again).
:wq to save and quit.
Restarted on same file. Changed a character and quit without saving. :q!
Restarted on same file. Inserted a word and tried to quit without saving.
:q
"E37: No write since last change (add ! to override)"
:help vi_diff.txt split the window horizontally and presented the required help in the upper panel. Skimmed through it - there is a lot to read.
:exit to remove help window.
Leaving it there. No apparent regressions.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => tarazed25
Should have tried some of the related commands. view works, displaying the text in readonly mode. No evim. gvim seems to be the same as vim apart from reversing the foreground/background colours. rvim launches but gives errors on a plain text file - no idea about that one. ex starts in Ex mode, whatever that is - the text is invisible but :visual resumes normal mode. Esoterica for most of us probably.
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
Summary: vim new security issues CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4186 => vim new security issues CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187
CC: (none) => davidwhodgins
This update also fixes CVE-2021-46059: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/
Keywords: advisory => (none)
Summary: vim new security issues CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187 => vim new security issues CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-46059
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0015.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
Two more CVEs fixed in this update...
CVE-2021-4193 vim is vulnerable to Out-of-bounds Read 8.2.3950
https://bugzilla.redhat.com/show_bug.cgi?id=2039687
CVE-2021-4192 vim is vulnerable to Use After Free 8.2.3949
https://bugzilla.redhat.com/show_bug.cgi?id=2039685
Summary: vim new security issues CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-46059 => vim new security issues CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-419[23], CVE-2021-46059
Keywords: (none) => advisory