vim: CVE-2017-5953 does not properly validate values for tree length when handling a spell file

Related Vulnerabilities: CVE-2017-5953  

Debian Bug report logs - #854969
Package: vim; Maintainer for vim is Debian Vim Maintainers <team+vim@tracker.debian.org>; Source for vim is src:vim.

Reported by: Markus Koschany <apo@debian.org>

Date: Sun, 12 Feb 2017 17:27:01 UTC

Severity: important

Tags: patch, pending, security

Found in version vim/1:7.0-094+1

Fixed in versions vim/2:8.0.0197-2, 2:7.3.547-7+deb7u2, vim/2:7.4.488-7+deb8u2

Done: James McCoy <jamessan@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Vim Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>:
Bug#854969; Package vim. (Sun, 12 Feb 2017 17:27:04 GMT)


Acknowledgement sent to Markus Koschany <apo@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Vim Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>. (Sun, 12 Feb 2017 17:27:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: vim: CVE-2017-5953 does not properly validate values for tree length when handling a spell file
Date: Sun, 12 Feb 2017 18:26:18 +0100
Package: vim
Severity: important
Tags: security patch

Hi,

the following vulnerability was published for vim.

CVE-2017-5953[0]:
| vim before patch 8.0.0322 does not properly validate values for tree
| length when handling a spell file, which may result in an integer
| overflow at a memory allocation site and a resultant buffer overflow.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Patch:
https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5953
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5953
Please adjust the affected versions in the BTS as needed.

Regards,

Markus

[signature.asc (application/pgp-signature, attachment)]
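
The bug class named in the CVE text above (a length read from a file overflowing the size computation at an allocation site), as an added C example that is not part of the original report and is not vim's source. The function names, error codes and 4-byte big-endian length field are assumptions, and sizes are modelled as 32-bit so the wraparound is identical on any host.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration of the bug class; all names are hypothetical
 * and this is not vim's source. Allocation sizes are modelled as 32-bit. */
enum { TREE_OK = 0, TREE_ERR_TRUNCATED = -1, TREE_ERR_FORMAT = -2 };
/* Decode the 4-byte big-endian node count (assumed field layout). */
static int read_len(const unsigned char *buf, size_t n, int32_t *len)
{
    if (n < 4) return TREE_ERR_TRUNCATED;
    uint32_t v = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16)
               | ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    *len = (int32_t)v;
    return TREE_OK;
}

/* Unchecked: the product wraps modulo 2^32, so the buffer can be far
 * smaller than the number of entries the loader goes on to write. */
int alloc_bytes_unchecked(const unsigned char *buf, size_t n, uint32_t *bytes)
{
    int32_t len;
    int rc = read_len(buf, n, &len);
    if (rc != TREE_OK)
        return rc;
    *bytes = (uint32_t)len * (uint32_t)sizeof(int32_t);
    return TREE_OK;
}

/* Checked: reject negative counts and counts whose byte size cannot be
 * represented, before any multiplication or allocation happens. */
int alloc_bytes_checked(const unsigned char *buf, size_t n, uint32_t *bytes)
{
    int32_t len;
    int rc = read_len(buf, n, &len);
    if (rc != TREE_OK)
        return rc;
    if (len < 0 || (uint32_t)len > UINT32_MAX / sizeof(int32_t))
        return TREE_ERR_FORMAT;
    return alloc_bytes_unchecked(buf, n, bytes); /* now safe to multiply */
}

int main(void)
{
    const unsigned char crafted[4] = {0x40, 0x00, 0x00, 0x01}; /* constructed */
    uint32_t b = 0;
    printf("unchecked rc=%d\n", alloc_bytes_unchecked(crafted, 4, &b));
    printf("bytes=%u checked rc=%d\n", (unsigned)b, alloc_bytes_checked(crafted, 4, &b));
    return 0;
}
```

With the constructed count 0x40000001 the unchecked path asks for 4 bytes for over a billion entries, while the checked path returns a format error before any allocation.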

Marked as found in versions vim/1:7.0-094+1. Request was from James McCoy <jamessan@debian.org> to control@bugs.debian.org. (Sun, 12 Feb 2017 19:09:04 GMT)


Reply sent to James McCoy <jamessan@debian.org>:
You have taken responsibility. (Mon, 13 Feb 2017 01:21:03 GMT)


Notification sent to Markus Koschany <apo@debian.org>:
Bug acknowledged by developer. (Mon, 13 Feb 2017 01:21:03 GMT)


Message #12 received at 854969-close@bugs.debian.org:

From: James McCoy <jamessan@debian.org>
To: 854969-close@bugs.debian.org
Subject: Bug#854969: fixed in vim 2:8.0.0197-2
Date: Mon, 13 Feb 2017 01:18:48 +0000
Source: vim
Source-Version: 2:8.0.0197-2

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 854969@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James McCoy <jamessan@debian.org> (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 12 Feb 2017 19:56:16 -0500
Source: vim
Binary: vim-common vim-gui-common vim-runtime vim-doc vim-tiny vim vim-gtk vim-gtk3 vim-nox vim-athena vim-gnome xxd
Architecture: source
Version: 2:8.0.0197-2
Distribution: unstable
Urgency: high
Maintainer: Debian Vim Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>
Changed-By: James McCoy <jamessan@debian.org>
Description:
 vim        - Vi IMproved - enhanced vi editor
 vim-athena - Vi IMproved - enhanced vi editor - with Athena GUI
 vim-common - Vi IMproved - Common files
 vim-doc    - Vi IMproved - HTML documentation
 vim-gnome  - Vi IMproved - enhanced vi editor (dummy package)
 vim-gtk    - Vi IMproved - enhanced vi editor - with GTK2 GUI
 vim-gtk3   - Vi IMproved - enhanced vi editor - with GTK3 GUI
 vim-gui-common - Vi IMproved - Common GUI files
 vim-nox    - Vi IMproved - enhanced vi editor - with scripting languages suppo
 vim-runtime - Vi IMproved - Runtime files
 vim-tiny   - Vi IMproved - enhanced vi editor - compact version
 xxd        - tool to make (or reverse) a hex dump
Closes: 854969
Changes:
 vim (2:8.0.0197-2) unstable; urgency=high
 .
   * Backport upstream patch v8.0.0322, to fix buffer overflow if a spellfile
     has an invalid length in it.  (Closes: #854969, CVE-2017-5953)




Marked as fixed in versions vim/2:7.4.488-7+deb8u2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 14 Feb 2017 13:24:09 GMT)


Marked as fixed in versions 2:7.3.547-7+deb7u2. Request was from James McCoy <jamessan@debian.org> to control@bugs.debian.org. (Tue, 14 Feb 2017 14:21:02 GMT)


Reply sent to James McCoy <jamessan@debian.org>:
You have taken responsibility. (Sat, 18 Feb 2017 23:36:19 GMT)


Notification sent to Markus Koschany <apo@debian.org>:
Bug acknowledged by developer. (Sat, 18 Feb 2017 23:36:19 GMT)


Message #21 received at 854969-close@bugs.debian.org:

From: James McCoy <jamessan@debian.org>
To: 854969-close@bugs.debian.org
Subject: Bug#854969: fixed in vim 2:7.4.488-7+deb8u2
Date: Sat, 18 Feb 2017 23:32:23 +0000
Source: vim
Source-Version: 2:7.4.488-7+deb8u2

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 854969@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James McCoy <jamessan@debian.org> (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 12 Feb 2017 20:02:50 -0500
Source: vim
Binary: vim-common vim-gui-common vim-runtime vim-doc vim-tiny vim vim-dbg vim-gtk vim-nox vim-athena vim-lesstif vim-gnome
Architecture: source all amd64
Version: 2:7.4.488-7+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Vim Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>
Changed-By: James McCoy <jamessan@debian.org>
Description:
 vim        - Vi IMproved - enhanced vi editor
 vim-athena - Vi IMproved - enhanced vi editor - with Athena GUI
 vim-common - Vi IMproved - Common files
 vim-dbg    - Vi IMproved - enhanced vi editor (debugging symbols)
 vim-doc    - Vi IMproved - HTML documentation
 vim-gnome  - Vi IMproved - enhanced vi editor - with GNOME2 GUI
 vim-gtk    - Vi IMproved - enhanced vi editor - with GTK2 GUI
 vim-gui-common - Vi IMproved - Common GUI files
 vim-lesstif - Vi IMproved - enhanced vi editor (transitional package)
 vim-nox    - Vi IMproved - enhanced vi editor - with scripting languages suppo
 vim-runtime - Vi IMproved - Runtime files
 vim-tiny   - Vi IMproved - enhanced vi editor - compact version
Closes: 854969
Changes:
 vim (2:7.4.488-7+deb8u2) jessie-security; urgency=high
 .
   * Backport patch 8.0.0322 to fix a buffer overflow if a spellfile has an
     invalid length in it.  (Closes: #854969, CVE-2017-5953)




Added tag(s) pending. Request was from James McCoy <jamessan@debian.org> to control@bugs.debian.org. (Sun, 26 Feb 2017 20:15:09 GMT)


Message sent on to Markus Koschany <apo@debian.org>:
Bug#854969. (Sun, 26 Feb 2017 20:15:11 GMT)


Message #26 received at 854969-submitter@bugs.debian.org:

From: James McCoy <jamessan@debian.org>
To: 854969-submitter@bugs.debian.org
Subject: Bug#854969 marked as pending
Date: Sun, 26 Feb 2017 20:12:03 +0000
tag 854969 pending
thanks

Hello,

Bug #854969 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=pkg-vim/vim.git;a=commitdiff;h=679bd6e

---
commit 679bd6e93858c7585999d86843a24f87c1018bb9
Author: James McCoy <jamessan@debian.org>
Date:   Sun Feb 12 18:04:12 2017 -0500

    Backport v8.0.0322, buffer overflow mitigation
    
    Signed-off-by: James McCoy <jamessan@debian.org>

diff --git a/debian/changelog b/debian/changelog
index a482e64..9f04e66 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+vim (2:8.0.0197-2) UNRELEASED; urgency=high
+
+  * Backport upstream patch v8.0.0322, to fix buffer overflow if a spellfile
+    has an invalid length in it.  (Closes: #854969, CVE-2017-5953)
+
+ -- James McCoy <jamessan@debian.org>  Sun, 12 Feb 2017 14:41:48 -0500
+
 vim (2:8.0.0197-1) unstable; urgency=medium
 
   [ upstream ]
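
Review bot: the new top entry of debian/changelog still carries the distribution UNRELEASED, so it has to be switched to the target suite, with the trailer timestamp refreshed, before this is tagged or uploaded. The bullet cites upstream patch v8.0.0322 and CVE-2017-5953, but the only file in this diff is debian/changelog, so the backported patch itself cannot be checked here; name the patch file in the bullet so the changelog points at the change that carries the fix.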



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 05 Jun 2019 08:19:39 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:28:29 2019; Machine Name: beach
