References:
https://openwall.com/lists/oss-security/2024/08/01/1 (CVE-2024-41957)
https://openwall.com/lists/oss-security/2024/08/01/2
https://openwall.com/lists/oss-security/2024/08/15/6 (CVE-2024-43374)
https://openwall.com/lists/oss-security/2024/08/22/3
https://openwall.com/lists/oss-security/2024/08/25/1
https://openwall.com/lists/oss-security/2024/08/31/1

All those problems are fixed at least in 9.1.0707.

CVE: (none) => CVE-2024-41957, CVE-2024-43374
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => vim-9.1.672-2.mga10.src.rpm
Assigning to the registered maintainer.
Assignee: bugsquad => thierry.vignaud
CC: (none) => marja11

Suggested advisory:
========================

The updated packages fix security vulnerabilities, including:

Use-after-free in tagstack_clear_entry() in Vim < v9.1.0647. (CVE-2024-41957)
Use-after-free in alist_add() in Vim < v9.1.0678. (CVE-2024-43374)

References:
https://openwall.com/lists/oss-security/2024/08/01/1
https://openwall.com/lists/oss-security/2024/08/01/2
https://openwall.com/lists/oss-security/2024/08/15/6
https://openwall.com/lists/oss-security/2024/08/22/3
https://openwall.com/lists/oss-security/2024/08/25/1
https://openwall.com/lists/oss-security/2024/08/31/1
========================

Updated packages in core/updates_testing:
========================
vim-X11-9.1.719-1.mga9
vim-common-9.1.719-1.mga9
vim-enhanced-9.1.719-1.mga9
vim-minimal-9.1.719-1.mga9

from SRPM:
vim-9.1.719-1.mga9.src.rpm

Whiteboard: MGA9TOO => (none)
Status: NEW => ASSIGNED
Source RPM: vim-9.1.672-2.mga10.src.rpm => vim-9.1.411-1.1.mga9.src.rpm
Assignee: thierry.vignaud => qa-bugs
Version: Cauldron => 9
Keywords: (none) => advisory
mga9, x64

Did not try to reproduce the use-after-free issues. Updated the packages and found no problems with vim. The usual vi type commands all worked as they should. Looks OK to me.

Whiteboard: (none) => MGA9-64-OK
CC: (none) => tarazed25
Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0285.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
This version also fixed CVE-2024-43802 (fixed since v9.1.0697): https://ubuntu.com/security/notices/USN-7048-1
Summary: vim new security issues including CVE-2024-41957, CVE-2024-43374 => vim new security issues including CVE-2024-41957, CVE-2024-43374, CVE-2024-43802
CVE: CVE-2024-41957, CVE-2024-43374 => CVE-2024-41957, CVE-2024-43374, CVE-2024-43802