#15671 closed enhancement (fixed)

Sync VIM to LFS

Reported by: Douglas R. Reno Owned by: Bruce Dubbs
Priority: elevated Milestone: 11.1
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

The current version of VIM in LFS is 8.2.3458, while the current version in BLFS is 8.2.3337

Three security vulnerabilities exist in VIM as in BLFS, but have been fixed in the version in LFS.

CVE-2021-3770 - VIM: Heap-based Buffer Overflow in ex_retab()

CVE-2021-3778 - VIM: Heap-based Buffer Overflow in utf_ptr2char()

CVE-2021-3796 - VIM: Use After Free in nv_replace()

All three of these CVEs have reproducers available as well

Change History (2)

comment:1 by Bruce Dubbs, 14 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 14 months ago

Resolution: fixed
Status: assignedclosed

Fixed at commit a8307df565ee64bda04a0eec2f38df4827c27aec

Package updates.
    Upgrade to imlib2-1.7.4.
    Upgrade to vim-8.2.3508.
    Upgrade to Jinja2-3.0.2.
    Upgrade to python3-3.10.0.
Note: See TracTickets for help on using tickets.