Bug#995748: buster-pu: package vim/2:8.1.0875-5+deb10u1

To: James McCoy <jamessan@debian.org>, 995748@bugs.debian.org
Subject: Bug#995748: buster-pu: package vim/2:8.1.0875-5+deb10u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 04 Dec 2021 17:36:58 +0000
Message-id: <[🔎] 944a96ef3ea12a5947f1f2ee4302fb6f2b5d2980.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 995748@bugs.debian.org
In-reply-to: <163340055741.478644.11430877554947256961.reportbug@localhost>
References: <163340055741.478644.11430877554947256961.reportbug@localhost> <163340055741.478644.11430877554947256961.reportbug@localhost>

Control: tags -1 + confirmed

On Mon, 2021-10-04 at 22:22 -0400, James McCoy wrote:
> Various "non DSA" CVEs have accumulated in Vim, and it seemed like a
> good idea to get a new upload addressing those.
> 
> [ Impact ]
> * CVE-2019-20807 - Shell commands can be executed from rvim
> (restricted
>   vim) via the bindings to other programming languages
> * CVE-2021-3770 / #994076 - Invalid memory access when a very large
>   number is given to :retab command
> * CVE-2021-3778 / #994498 - Reading beyond end of line when invalid
>   utf-8 character is encountered
> * CVE-2021-3796 / #994497 - Using freed memory in replace mode
> 

Please go ahead, thanks.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#995748: buster-pu: package vim/2:8.1.0875-5+deb10u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Processed: Re: Bug#998042: buster-pu: package jbig2dec/0.16-1+deb10u1
Next by Date: Processed: Re: Bug#995748: buster-pu: package vim/2:8.1.0875-5+deb10u1
Previous by thread: Bug#998042: buster-pu: package jbig2dec/0.16-1+deb10u1
Next by thread: Processed: Re: Bug#995748: buster-pu: package vim/2:8.1.0875-5+deb10u1
Index(es):
- Date
- Thread