Fedora has issued an advisory today (October 23): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3/ The issues are fixed upstream in 9.0.2010. Mageia 8 and 9 are also affected.
Suggested advisory: ======================== The updated packages fix security vulnerabilities: NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. (CVE-2023-5441) Use After Free in GitHub repository vim/vim prior to v9.0.2010. (CVE-2023-5535) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5441 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5535 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3/ ======================== Updated packages in {8|9}/core/updates_testing: ======================== vim-X11-9.0.2059-1.mga{8|9} vim-common-9.0.2059-1.mga{8|9} vim-enhanced-9.0.2059-1.mga{8|9} vim-minimal-9.0.2059-1.mga{8|9} from SRPM: vim-9.0.2059-1.mga{8|9}.src.rpm
Assignee: bugsquad => qa-bugsSource RPM: (none) => vim-9.0.1882-1.mga9.src.rpmWhiteboard: (none) => MGA8TOOCC: (none) => nicolas.salgueroVersion: Cauldron => 9Status: NEW => ASSIGNED
Advisory from comment 1 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete"
Keywords: (none) => advisoryCC: (none) => marja11
MGA9-64 Xfce on Acer Aspire 5253 No installation issues. Opened a .txt file with vim, exercised the a, i, x , dd and w commands. Exited with q command and used pluma to check the changes. All works OK.
Whiteboard: MGA8TOO => MGA8TOO MGA9-64-OKCC: (none) => herman.viaene
Tested on Mageia 8 i586, nothing weird
Whiteboard: MGA8TOO MGA9-64-OK => MGA8TOO MGA9-64-OK MGA8-32-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0305.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED