Debian Bug report logs -
#1019590
vim: CVE-2022-2946 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Vim Maintainers <team+vim@tracker.debian.org>
:
Bug#1019590
; Package src:vim
.
(Mon, 12 Sep 2022 18:30:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Mühlenhoff <jmm@inutil.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Vim Maintainers <team+vim@tracker.debian.org>
.
(Mon, 12 Sep 2022 18:30:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: vim
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for vim.
CVE-2022-2946[0]:
| Use After Free in GitHub repository vim/vim prior to 9.0.0246.
https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5
https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c (v9.0.0246)
CVE-2022-2982[1]:
| Use After Free in GitHub repository vim/vim prior to 9.0.0260.
https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be
https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420 (v9.0.0260)
CVE-2022-3037[2]:
| Use After Free in GitHub repository vim/vim prior to 9.0.0322.
https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5
https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb (v9.0.0322)
CVE-2022-3099[3]:
| Use After Free in GitHub repository vim/vim prior to 9.0.0360.
https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e
https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c (v9.0.0360)
CVE-2022-3134[4]:
| Use After Free in GitHub repository vim/vim prior to 9.0.0389.
https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc
https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e (v9.0.0389)
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-2946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2946
[1] https://security-tracker.debian.org/tracker/CVE-2022-2982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2982
[2] https://security-tracker.debian.org/tracker/CVE-2022-3037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3037
[3] https://security-tracker.debian.org/tracker/CVE-2022-3099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3099
[4] https://security-tracker.debian.org/tracker/CVE-2022-3134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3134
Please adjust the affected versions in the BTS as needed.
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Mon, 12 Sep 2022 18:48:05 GMT) (full text, mbox, link).
Marked as found in versions vim/2:9.0.0242-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Mon, 12 Sep 2022 18:48:06 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Tue Sep 13 13:21:00 2022;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.