FEDORA-2022-c174bf8c49 — security update for vim

obsolete

vim-8.2.4314-1.fc34

FEDORA-2022-c174bf8c49 created by zdohnal 3 years ago for Fedora 34

Security fixes for CVE-2022-0408, CVE-2022-0413, CVE-2022-0393, CVE-2022-0417, CVE-2022-0443

This update has been submitted for testing by zdohnal.

3 years ago

This update's test gating status has been changed to 'waiting'.

3 years ago

This update's test gating status has been changed to 'failed'.

3 years ago

This update has been pushed to testing.

3 years ago

suve provided feedback 3 years ago

karma

This update has been obsoleted by vim-8.2.4386-1.fc34.

3 years ago

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

failed

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

14 days

Thresholds

Minimum Karma

Minimum Testing

14 days

Dates

submitted

3 years ago

in testing

3 years ago

Builds

vim-8.2.4314-1.fc34

BZ#2048515 CVE-2022-0408 vim: Stack-based Buffer Overflow in spellsuggest.c

BZ#2048516 CVE-2022-0408 vim: Stack-based Buffer Overflow in spellsuggest.c [fedora-all]

BZ#2048519 CVE-2022-0413 vim: Use after free in src/ex_cmds.c

BZ#2048520 CVE-2022-0413 vim: use after free in src/ex_cmds.c [fedora-all]

BZ#2049180 CVE-2022-0393 vim: out-of-bounds read in delete_buff_tail() in getchar.c

BZ#2049181 CVE-2022-0393 vim: out-of-bounds read in delete_buff_tail() in getchar.c [fedora-all]

BZ#2050149 CVE-2022-0417 vim: heap-based-buffer-overflow in ex_retab() of src/indent.c

BZ#2050150 CVE-2022-0417 vim: heap-based-buffer-overflow in ex_retab() of src/indent.c [fedora-all]

BZ#2050182 CVE-2022-0443 vim: heap-use-after-free in enter_buffer() of src/buffer.c

BZ#2050183 CVE-2022-0443 vim: heap-use-after-free in enter_buffer() of src/buffer.c [fedora-all]

vim-8.2.4314-1.fc34

Automated Test Results

For help debugging failed Fedora CI tests (fedora-ci.*), contact the Fedora CI team.
For help debugging failed Fedora CoreOS tests (coreos.*), contact the Fedora CoreOS team.
For help debugging failed openQA tests (update.*), contact the Fedora Quality team, who will usually investigate and diagnose all failures within 24 hours.

failed