Bug 29891 - vim new security issues CVE-2022-01[25]8, CVE-2022-0156, CVE-2022-0213
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-01-15 00:57 CET by David Walser
Modified: 2023-07-05 22:56 CEST

See Also:
Source RPM: vim-8.2.4006-1.mga8.src.rpm
CVE:
Status comment:



Description David Walser 2022-01-15 00:57:23 CET
Fedora has issued an advisory today (January 14):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/

The issues are fixed upstream in 8.2.4049.

David Walser 2022-01-15 00:57:38 CET

Status comment: (none) => Fixed upstream in 8.2.4049

Comment 1 David Walser 2022-01-15 00:59:18 CET
CVE-2021-46059 is already fixed in Bug 29856.

Summary: vim new security issues CVE-2021-46059, CVE-2022-0158, CVE-2022-0156 => vim new security issues CVE-2022-0158 and CVE-2022-0156

Comment 2 David Walser 2022-01-15 16:56:39 CET
Two more CVEs fixed upstream...

CVE-2022-0213: vim is vulnerable to Heap-based Buffer Overflow
8.2.4074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0213

CVE-2022-0128: vim is vulnerable to Out-of-bounds Read
8.2.4009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0128

Status comment: Fixed upstream in 8.2.4049 => Fixed upstream in 8.2.4074
Summary: vim new security issues CVE-2022-0158 and CVE-2022-0156 => vim new security issues CVE-2022-01[25]8, CVE-2022-0156, CVE-2022-0213

Comment 3 Lewis Smith 2022-01-15 20:51:29 CET
This security update is clearly for Thierry.

Assignee: bugsquad => thierry.vignaud

Comment 4 Nicolas Lécureuil 2022-01-16 20:28:49 CET
updated to 4114

src:
    - vim-8.2.4114-1.mga8

Status comment: Fixed upstream in 8.2.4074 => (none)
CC: (none) => mageia, thierry.vignaud
Assignee: thierry.vignaud => qa-bugs

Comment 5 David Walser 2022-01-16 22:02:34 CET
vim-X11-8.2.4114-1.mga8
vim-enhanced-8.2.4114-1.mga8
vim-minimal-8.2.4114-1.mga8
vim-common-8.2.4114-1.mga8

from vim-8.2.4114-1.mga8.src.rpm

Comment 6 Herman Viaene 2022-01-18 14:55:36 CET
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues.
Used vimx to edit some text file using commands i, a, dd, x, wq: works OK

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 7 Thomas Andrews 2022-01-18 17:44:40 CET
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2022-01-18 19:09:10 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 8 Mageia Robot 2022-01-18 20:30:58 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0023.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 9 David Walser 2023-07-05 22:56:51 CEST
This update also fixed CVE-2022-0158:
https://ubuntu.com/security/notices/USN-6195-1
