Opened 3 years ago
Closed 3 years ago
#15671 closed enhancement (fixed)
Sync VIM to LFS
| Reported by: | Douglas R. Reno | Owned by: | Bruce Dubbs |
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.1 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
The current version of VIM in LFS is 8.2.3458, while the current version in BLFS is 8.2.3337
Three security vulnerabilities exist in VIM as in BLFS, but have been fixed in the version in LFS.
CVE-2021-3770 - VIM: Heap-based Buffer Overflow in ex_retab()
CVE-2021-3778 - VIM: Heap-based Buffer Overflow in utf_ptr2char()
CVE-2021-3796 - VIM: Use After Free in nv_replace()
All three of these CVEs have reproducers available as well
Change History (2)
comment:1 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Fixed at commit a8307df565ee64bda04a0eec2f38df4827c27aec
Package updates. Upgrade to imlib2-1.7.4. Upgrade to vim-8.2.3508. Upgrade to Jinja2-3.0.2. Upgrade to python3-3.10.0.