Debian Bug report logs -
#1004859
vim : CVE-2022-0318
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to team@security.debian.org, Debian Vim Maintainers <team+vim@tracker.debian.org>:
Bug#1004859; Package vim.
(Wed, 02 Feb 2022 14:21:04 GMT) (full text, mbox, link).
Acknowledgement sent
to YABUKI Yukiharu <yabuki@netfort.gr.jp>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Vim Maintainers <team+vim@tracker.debian.org>.
(Wed, 02 Feb 2022 14:21:04 GMT) (full text, mbox, link).
Message #5 received at maintonly@bugs.debian.org (full text, mbox, reply):
Package: vim
Version: 2:8.2.3995-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
Dear Maintainer,
You may already know vim has CVE-2022-0318
NVD - CVE-2022-0318
https://nvd.nist.gov/vuln/detail/CVE-2022-0318
And upstram has already fixed this issue.
patch 8.2.4151: reading beyond the end of a line · vim/vim@57df9e8
https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc
Best, Yukiharu.
-- Package-specific info:
--- real paths of main Vim binaries ---
/usr/bin/vi is /usr/bin/vim.gtk3
/usr/bin/vim is /usr/bin/vim.gtk3
/usr/bin/gvim is /usr/bin/vim.gtk3
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.15.0-3-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_DIE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages vim depends on:
ii libacl1 2.3.1-1
ii libc6 2.33-5
ii libgpm2 1.20.7-10
ii libselinux1 3.3-1+b1
ii libsodium23 1.0.18-1
ii libtinfo6 6.3-2
ii vim-common 2:8.2.3995-1
ii vim-runtime 2:8.2.3995-1
vim recommends no packages.
Versions of packages vim suggests:
ii universal-ctags [ctags] 5.9.20210829.0-1
ii vim-doc 2:8.2.3995-1
ii vim-scripts 20210124.2
-- no debconf information
Severity set to 'normal' from 'grave'
Request was from Moritz Muehlenhoff <jmm@inutil.org>
to control@bugs.debian.org.
(Wed, 02 Feb 2022 14:51:03 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Thu Feb 3 12:09:34 2022;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon