Bug 30561 - vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-228[4-9], CVE-2022-2304, CVE-2022-234[3-5]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-06-17 16:40 CEST by David Walser
Modified: 2023-02-01 17:13 CET

See Also:
Source RPM: vim-8.2.5052-1.mga8.src.rpm
CVE: CVE-2022-2522, CVE-2022-2571, CVE-2022-258[01], CVE-2022-2598, CVE-2022-281[679], CVE-2022-284[59], CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-298[02], CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-323[45]
Status comment:


Description David Walser 2022-06-17 16:40:28 CEST
Fedora has issued an advisory today (June 17):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JJNUS4AEVYSEJMCK6JZB57QHD5V2G4O/

The issue is fixed upstream in 8.2.5063.
David Walser 2022-06-17 16:40:38 CEST

Status comment: (none) => Fixed upstream in 8.2.5063

Comment 1 Lewis Smith 2022-06-17 21:37:31 CEST
Assigning to tv who looks after vim.

Assignee: bugsquad => thierry.vignaud

Comment 2 David Walser 2022-06-21 23:15:47 CEST
Debian-LTS has issued an advisory on June 20:
https://www.debian.org/lts/security/2022/dla-3053

It fixes two new issues that are fixed upstream in 8.2.5123.

Status comment: Fixed upstream in 8.2.5063 => Fixed upstream in 8.2.5123
Summary: vim new security issue CVE-2022-2000 => vim new security issues CVE-2022-2000, CVE-2022-2124, CVE-2022-2126

Comment 3 David Walser 2022-06-25 19:07:11 CEST
Ubuntu has issued an advisory on June 23:
https://ubuntu.com/security/notices/USN-5492-1

The issue is fixed upstream in 8.2.5072.

Summary: vim new security issues CVE-2022-2000, CVE-2022-2124, CVE-2022-2126 => vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-2124, CVE-2022-2126

Comment 4 David Walser 2022-06-30 20:19:25 CEST
Fedora has issued an advisory today (June 30):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/

It fixes several new issues that are fixed upstream in 8.2.5169.

Summary: vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-2124, CVE-2022-2126 => vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231
Status comment: Fixed upstream in 8.2.5123 => Fixed upstream in 8.2.5169

Comment 5 David Walser 2022-07-14 19:25:47 CEST
Fedora has issued an advisory today (July 14):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/

It fixes several new issues that are fixed upstream in 9.0.0035.

Summary: vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231 => vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-228[5-9], CVE-2022-2264, CVE-2022-2304
Status comment: Fixed upstream in 8.2.5169 => Fixed upstream in 9.0.0035

Comment 6 David Walser 2022-07-22 17:12:03 CEST
Fedora has issued an advisory on July 21:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/

It fixes three new issues that are fixed upstream in 9.0.0047.

Summary: vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-228[5-9], CVE-2022-2264, CVE-2022-2304 => vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-228[5-9], CVE-2022-2264, CVE-2022-2304, CVE-2022-234[3-5]
Status comment: Fixed upstream in 9.0.0035 => Fixed upstream in 9.0.0047

Comment 7 David Walser 2022-08-23 18:33:27 CEST
Fedora has issued an advisory today (August 23):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/

It fixes three new issues that are fixed upstream in 9.0.0213.

Summary: vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-228[5-9], CVE-2022-2264, CVE-2022-2304, CVE-2022-234[3-5] => vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-228[5-9], CVE-2022-2264, CVE-2022-2304, CVE-2022-234[3-5],CVE-2022-281[679]
Status comment: Fixed upstream in 9.0.0047 => Fixed upstream in 9.0.0213

Comment 8 David Walser 2022-09-01 23:23:55 CEST
Fedora has issued an advisory today (September 1):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/

It fixes four new issues that are fixed upstream in 9.0.0245.

CVEs have overflowed from the subject into the CVEs field again...

CVE: (none) => CVE-2022-2845, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946
Status comment: Fixed upstream in 9.0.0213 => Fixed upstream in 9.0.0245

Comment 9 David Walser 2022-09-06 21:25:41 CEST
Fedora has issued an advisory on September 4:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/

It fixes one new issue that is fixed upstream in 9.0.0322.

CVE: CVE-2022-2845, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946 => CVE-2022-2845, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-3037
Status comment: Fixed upstream in 9.0.0245 => Fixed upstream in 9.0.0322

Comment 10 David Walser 2022-09-09 19:36:59 CEST
SUSE has issued an advisory on September 9:
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012199.html

It includes several other CVEs that will be fixed in this update.

Summary: ,CVE-2022-281[679] => (none)
CVE: CVE-2022-2845, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-3037 => CVE-2022-2522, CVE-2022-2571, CVE-2022-258[01], CVE-2022-2598, CVE-2022-281[679], CVE-2022-284[59], CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-3016, CVE-2022-3037
Summary: vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-228[5-9], CVE-2022-2264, CVE-2022-2304, CVE-2022-234[3-5] => vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-228[4-9], CVE-2022-2304, CVE-2022-234[3-5]

David Walser 2022-09-09 19:38:57 CEST

Summary: vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2126, CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-228[4-9], CVE-2022-2304, CVE-2022-234[3-5] => vim new security issues CVE-2022-2000, CVE-2022-2042, CVE-2022-212[4569], CVE-2022-2175, CVE-2022-218[23], CVE-2022-220[6-8], CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-228[4-9], CVE-2022-2304, CVE-2022-234[3-5]

Comment 11 David Walser 2022-09-09 19:40:23 CEST
(In reply to David Walser from comment #10)
> SUSE has issued an advisory on September 9:
> https://lists.suse.com/pipermail/sle-security-updates/2022-September/012199.html
> 
> It includes several other CVEs that will be fixed in this update.

Equivalent openSUSE advisory:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JUQDO2AKYFBQGJNMY6TUKLRL7L6M3NZB/
Comment 12 David Walser 2022-09-14 23:09:34 CEST
Fedora has issued an advisory today (September 14):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/

It fixes several more issues that are fixed upstream in 9.0.0360.

CVE: CVE-2022-2522, CVE-2022-2571, CVE-2022-258[01], CVE-2022-2598, CVE-2022-281[679], CVE-2022-284[59], CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-3016, CVE-2022-3037 => CVE-2022-2522, CVE-2022-2571, CVE-2022-258[01], CVE-2022-2598, CVE-2022-281[679], CVE-2022-284[59], CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-298[02], CVE-2022-3016, CVE-2022-3037, CVE-2022-3099
Status comment: Fixed upstream in 9.0.0322 => Fixed upstream in 9.0.0360

Comment 13 David Walser 2022-10-14 20:00:34 CEST
Fedora has issued an advisory today (October 14):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/

It fixes several more issues that are fixed upstream in 9.0.0614.

Now the CVE field is also filled, so adding more CVEs to personal tags.

Status comment: Fixed upstream in 9.0.0360 => Fixed upstream in 9.0.0614
CVE: CVE-2022-2522, CVE-2022-2571, CVE-2022-258[01], CVE-2022-2598, CVE-2022-281[679], CVE-2022-284[59], CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-298[02], CVE-2022-3016, CVE-2022-3037, CVE-2022-3099 => CVE-2022-2522, CVE-2022-2571, CVE-2022-258[01], CVE-2022-2598, CVE-2022-281[679], CVE-2022-284[59], CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-298[02], CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-323[45]

Comment 14 David Walser 2022-10-14 20:01:27 CEST
Doesn't look like anyone else can see personal tags.

CVE-2022-3256, CVE-2022-3278, CVE-2022-329[67], CVE-2022-3324, CVE-2022-3352

are the additional CVEs.
Comment 15 David Walser 2022-11-07 21:17:39 CET
Fedora has issued an advisory on November 5:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK/

It fixes one additional issue that is fixed upstream in 9.0.0805.

It is CVE-2022-3705.

Status comment: Fixed upstream in 9.0.0614 => Fixed upstream in 9.0.0805

Comment 16 David Walser 2022-11-11 18:21:11 CET
Debian-LTS has issued an advisory for this on November 8:
https://www.debian.org/lts/security/2022/dla-3182

It also notes that this update (if we ever do it) will fix CVE-2022-3134.
Comment 17 Nicolas Salguero 2022-11-16 12:23:36 CET
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. (CVE-2022-2000, CVE-2022-2129, CVE-2022-2210)

Use After Free in GitHub repository vim/vim prior to 8.2. (CVE-2022-2042)

Buffer Over-read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2124, CVE-2022-2175)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125, CVE-2022-2182, CVE-2022-2207)

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126, CVE-2022-2183, CVE-2022-2206)

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. (CVE-2022-2208)

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. (CVE-2022-2231)

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. (CVE-2022-2257, CVE-2022-2286, CVE-2022-2287, CVE-2022-2288)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2264, CVE-2022-2284)

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. (CVE-2022-2285)

Use After Free in GitHub repository vim/vim prior to 9.0. (CVE-2022-2289)

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. (CVE-2022-2304)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. (CVE-2022-2343)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. (CVE-2022-2344)

Use After Free in GitHub repository vim/vim prior to 9.0.0046. (CVE-2022-2345)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. (CVE-2022-2522)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. (CVE-2022-2571)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. (CVE-2022-2580)

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. (CVE-2022-2581)

Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100. (CVE-2022-2598)

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. (CVE-2022-2816)

Use After Free in GitHub repository vim/vim prior to 9.0.0213. (CVE-2022-2817)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. (CVE-2022-2819)

Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218. (CVE-2022-2845)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. (CVE-2022-2849)

Use After Free in GitHub repository vim/vim prior to 9.0.0221. (CVE-2022-2862)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. (CVE-2022-2874)

Use After Free in GitHub repository vim/vim prior to 9.0.0225. (CVE-2022-2889)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. (CVE-2022-2923)

Use After Free in GitHub repository vim/vim prior to 9.0.0246. (CVE-2022-2946)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. (CVE-2022-2980)

Use After Free in GitHub repository vim/vim prior to 9.0.0260. (CVE-2022-2982)

Use After Free in GitHub repository vim/vim prior to 9.0.0286. (CVE-2022-3016)

Use After Free in GitHub repository vim/vim prior to 9.0.0322. (CVE-2022-3037)

Use After Free in GitHub repository vim/vim prior to 9.0.0360. (CVE-2022-3099)

Use After Free in GitHub repository vim/vim prior to 9.0.0389. (CVE-2022-3134)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. (CVE-2022-3234)

Use After Free in GitHub repository vim/vim prior to 9.0.0490. (CVE-2022-3235)

Use After Free in GitHub repository vim/vim prior to 9.0.0530. (CVE-2022-3256)

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. (CVE-2022-3278)

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. (CVE-2022-3296)

Use After Free in GitHub repository vim/vim prior to 9.0.0579. (CVE-2022-3297)

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. (CVE-2022-3324)

Use After Free in GitHub repository vim/vim prior to 9.0.0614. (CVE-2022-3352)

Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. (CVE-2022-3705)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2208
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2210
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2231
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2257
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2288
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2289
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2344
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2571
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2889
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3324
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3705
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JJNUS4AEVYSEJMCK6JZB57QHD5V2G4O/
https://www.debian.org/lts/security/2022/dla-3053
https://ubuntu.com/security/notices/USN-5492-1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UXPO5EHDV6J4B27E65DOQGZFELUFPRSK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/43Y3VJPOTTY3NTREDIFUPITM2POG4ZLP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012199.html
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JUQDO2AKYFBQGJNMY6TUKLRL7L6M3NZB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK/
https://www.debian.org/lts/security/2022/dla-3182
========================

Updated packages in core/updates_testing:
========================
vim-common-9.0.828-1.mga8
vim-enhanced-9.0.828-1.mga8
vim-minimal-9.0.828-1.mga8
vim-X11-9.0.828-1.mga8

from SRPM:
vim-9.0.828-1.mga8.src.rpm

CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Assignee: thierry.vignaud => qa-bugs
Status comment: Fixed upstream in 9.0.0805 => (none)

Comment 18 Herman Viaene 2022-11-18 17:03:53 CET
MGA8-64 MATE on Acer Aspire 5253
No installation issues
Muddled around with basic commands as a, d, i, x. Editing followed indenting of the java file OK. Wrote changes to the file and exited OK.
Good enough for me.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 19 Thomas Andrews 2022-11-18 17:57:57 CET
Validating. Advisory in comment 17.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-11-18 22:28:49 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 20 Mageia Robot 2022-11-18 23:52:01 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0430.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

Comment 21 David Walser 2022-11-30 17:56:31 CET
This update also fixed CVE-2022-3153:
https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html
Comment 22 David Walser 2022-11-30 18:00:19 CET
(In reply to David Walser from comment #21)
> This update also fixed CVE-2022-3153:
> https://lists.suse.com/pipermail/sle-security-updates/2022-November/013152.html

Equivalent openSUSE advisory:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZR42N7RDVASXTO4OCBY3ISIU6INSOWWQ/
Comment 23 David Walser 2022-12-13 16:20:28 CET
This update also fixed CVE-2022-3591:
https://ubuntu.com/security/notices/USN-5775-1
Comment 25 David Walser 2023-02-01 17:13:20 CET
This update also fixed CVE-2022-47024:
https://ubuntu.com/security/notices/USN-5836-1
