vim: CVE-2017-6349 CVE-2017-6350

Debian Bug report logs - #856266
vim: CVE-2017-6349 CVE-2017-6350

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: vim: CVE-2017-6349 CVE-2017-6350

Date: Mon, 27 Feb 2017 10:45:02 +0100

Source: vim
Version: 2:7.4.488-7
Severity: important
Tags: patch upstream security

Hi,

the following vulnerabilities were published for vim.

CVE-2017-6349[0]:
| An integer overflow at a u_read_undo memory allocation site would occur
| for vim before patch 8.0.0377, if it does not properly validate values
| for tree length when reading a corrupted undo file, which may lead to
| resultant buffer overflows.

CVE-2017-6350[1]:
| An integer overflow at an unserialize_uep memory allocation site would
| occur for vim before patch 8.0.0378, if it does not properly validate
| values for tree length when reading a corrupted undo file, which may
| lead to resultant buffer overflows.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-6349
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6349
[1] https://security-tracker.debian.org/tracker/CVE-2017-6350
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6350

Please adjust the affected versions in the BTS as needed.

I would tend to say this is no-dsa (and thus scheduling a fix for
jessie via a point release), but it would be good to have the fix
straight to stretch as well.

Regards,
Salvatore

Message #10 received at 856266-submitter@bugs.debian.org (full text, mbox, reply):

From: James McCoy <jamessan@debian.org>

To: 856266-submitter@bugs.debian.org

Subject: Bug#856266 marked as pending

Date: Tue, 07 Mar 2017 03:35:37 +0000

tag 856266 pending
thanks

Hello,

Bug #856266 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=pkg-vim/vim.git;a=commitdiff;h=a6262cf

---
commit a6262cf22cebd835f7c01981d4f136183c484bfc
Author: James McCoy <jamessan@debian.org>
Date:   Mon Mar 6 21:27:39 2017 -0500

    Backport v8.0.0377 & v8.0.0378 to fix undo file buffer overflows
    
    Signed-off-by: James McCoy <jamessan@debian.org>

diff --git a/debian/changelog b/debian/changelog
index c27418e..8286dd4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+vim (2:8.0.0197-3) UNRELEASED; urgency=high
+
+  * Backport upstream patches v8.0.0377 & v8.0.0378, to fix buffer overflows
+    when reading corrupted undo files.  (Closes: #856266, CVE-2017-6349,
+    CVE-2017-6350)
+
+ -- James McCoy <jamessan@debian.org>  Mon, 06 Mar 2017 20:50:18 -0500
+
 vim (2:8.0.0197-2) unstable; urgency=high
 
   * Backport upstream patch v8.0.0322, to fix buffer overflow if a spellfile

Message #15 received at 856266-close@bugs.debian.org (full text, mbox, reply):

From: James McCoy <jamessan@debian.org>

To: 856266-close@bugs.debian.org

Subject: Bug#856266: fixed in vim 2:8.0.0197-3

Date: Tue, 07 Mar 2017 04:36:27 +0000

Source: vim
Source-Version: 2:8.0.0197-3

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 856266@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James McCoy <jamessan@debian.org> (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 06 Mar 2017 22:33:23 -0500
Source: vim
Binary: vim-common vim-gui-common vim-runtime vim-doc vim-tiny vim vim-gtk vim-gtk3 vim-nox vim-athena vim-gnome xxd
Architecture: source
Version: 2:8.0.0197-3
Distribution: unstable
Urgency: high
Maintainer: Debian Vim Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>
Changed-By: James McCoy <jamessan@debian.org>
Description:
 vim        - Vi IMproved - enhanced vi editor
 vim-athena - Vi IMproved - enhanced vi editor - with Athena GUI
 vim-common - Vi IMproved - Common files
 vim-doc    - Vi IMproved - HTML documentation
 vim-gnome  - Vi IMproved - enhanced vi editor (dummy package)
 vim-gtk    - Vi IMproved - enhanced vi editor - with GTK2 GUI
 vim-gtk3   - Vi IMproved - enhanced vi editor - with GTK3 GUI
 vim-gui-common - Vi IMproved - Common GUI files
 vim-nox    - Vi IMproved - enhanced vi editor - with scripting languages suppo
 vim-runtime - Vi IMproved - Runtime files
 vim-tiny   - Vi IMproved - enhanced vi editor - compact version
 xxd        - tool to make (or reverse) a hex dump
Closes: 856266
Changes:
 vim (2:8.0.0197-3) unstable; urgency=high
 .
   * Backport upstream patches v8.0.0377 & v8.0.0378, to fix buffer overflows
     when reading corrupted undo files.  (Closes: #856266, CVE-2017-6349,
     CVE-2017-6350)
Checksums-Sha1:
 1f3bf5d42616981af41698d4aa91c4eb3a7bd797 2991 vim_8.0.0197-3.dsc
 dc029551a37495d3efd2706cbb4934ea97935948 155324 vim_8.0.0197-3.debian.tar.xz
 308bdd9556cc5f75b6ed3e7d3690c7e4205c4dc9 18937 vim_8.0.0197-3_amd64.buildinfo
Checksums-Sha256:
 73c061ddab1739f37fc491dff0bc596b0b0419113a9e438824f83d63f6191837 2991 vim_8.0.0197-3.dsc
 d5d1b02e985f83478bf5d9c2688630d0908deab55b32a133a0f4d7a721ba9085 155324 vim_8.0.0197-3.debian.tar.xz
 e0288e271cdb774ea611c69915c92c91853afed6359dbe58ae2996b9521d8241 18937 vim_8.0.0197-3_amd64.buildinfo
Files:
 c6bb9785192eeea4bc77aeb6878c2a22 2991 editors optional vim_8.0.0197-3.dsc
 5fb655fd80e7b5474a5982854a9e5351 155324 editors optional vim_8.0.0197-3.debian.tar.xz
 b574722bf1da0860698068cfaa8a82e4 18937 editors optional vim_8.0.0197-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEkb+/TWlWvV33ty0j3+aRrjMbo9sFAli+MjZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkx
QkZCRjRENjk1NkJENURGN0I3MkQyM0RGRTY5MUFFMzMxQkEzREIACgkQ3+aRrjMb
o9sgcBAAxTR12pRhjzpLjBSEx0yxVHKa+2HyegLsQPa7sSR9cWJXF4nHl1/Vq67T
MUsSfUI5duP0LW+FlkpW+B6uRHssOIWEDnB6BvaqWi0YiL+sE8dxBd+BtVngdKG0
HsYrjcdiNdDyBrwuta/7UnqRvz9qDB73AQUd0bjUtyUALzFLOlWAmrRFevorflLv
gz9vNzGFd8PTPB2DVkLwDA27l6h4mBwqHSjz66qX3X2QGC9B7bCT9cqFhTXemOMx
8nxKwsjxAEJoHwD2hlMkH5Zoe8baPwzalJeUCI+HS4dw2xyD64LUhjdpyeWlg4Jn
vhgeU3H24mSyf0saRAxnvHlm+vW6WPXjJSdAg5+aZEfzFI39SMpAfG6N8v74VBSH
/TUYSw4TTUckERnboDQE5oqT0ougRsGGexyBtJeS2aipG21HriOEfLoK5O2e7yCL
wN5oBrvOE7GUyaN0bm37fhOt83Qy1zo1RpFhuS8cyYm0yb7bY84juT2EnLtXJfoA
lFAiHJjDCsv8nNiAFzEOFh/kWCTuNFgZII9GJHp+qeBokmbwtv0icq4I+aV1XxOk
dPm2WDDvKIPDYIHMp+ZJRwtHsXctLn88ZRiEmKCiI+OxzKfaVuEyexTg7xUoaMvs
quxXHoWDGWxbHHWIzm7uVEbxOm4mjcv912XC7MPkG4OToQNp0lA=
=TgR+
-----END PGP SIGNATURE-----

Message #20 received at 856266-close@bugs.debian.org (full text, mbox, reply):

From: James McCoy <jamessan@debian.org>

To: 856266-close@bugs.debian.org

Subject: Bug#856266: fixed in vim 2:7.4.488-7+deb8u3

Date: Wed, 29 Mar 2017 19:47:11 +0000

Source: vim
Source-Version: 2:7.4.488-7+deb8u3

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 856266@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James McCoy <jamessan@debian.org> (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 06 Mar 2017 23:52:28 -0500
Source: vim
Binary: vim-common vim-gui-common vim-runtime vim-doc vim-tiny vim vim-dbg vim-gtk vim-nox vim-athena vim-lesstif vim-gnome
Architecture: source all amd64
Version: 2:7.4.488-7+deb8u3
Distribution: jessie
Urgency: medium
Maintainer: Debian Vim Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>
Changed-By: James McCoy <jamessan@debian.org>
Description:
 vim        - Vi IMproved - enhanced vi editor
 vim-athena - Vi IMproved - enhanced vi editor - with Athena GUI
 vim-common - Vi IMproved - Common files
 vim-dbg    - Vi IMproved - enhanced vi editor (debugging symbols)
 vim-doc    - Vi IMproved - HTML documentation
 vim-gnome  - Vi IMproved - enhanced vi editor - with GNOME2 GUI
 vim-gtk    - Vi IMproved - enhanced vi editor - with GTK2 GUI
 vim-gui-common - Vi IMproved - Common GUI files
 vim-lesstif - Vi IMproved - enhanced vi editor (transitional package)
 vim-nox    - Vi IMproved - enhanced vi editor - with scripting languages suppo
 vim-runtime - Vi IMproved - Runtime files
 vim-tiny   - Vi IMproved - enhanced vi editor - compact version
Closes: 856266
Changes:
 vim (2:7.4.488-7+deb8u3) jessie; urgency=medium
 .
   * Backport upstream patches v8.0.0377 & v8.0.0378, to fix buffer overflows
     when reading corrupted undo files.  (Closes: #856266, CVE-2017-6349,
     CVE-2017-6350)
Checksums-Sha1:
 7e18d7ae682bd9b142ffc2698db65d1d81a62ba0 2995 vim_7.4.488-7+deb8u3.dsc
 0f1be00416ab0e1723d801d139761a46efbb2db4 152752 vim_7.4.488-7+deb8u3.debian.tar.xz
 ad03c1b50476c35ffeb26391507f2e0083357361 149732 vim-gui-common_7.4.488-7+deb8u3_all.deb
 2ce97ccd29a7c4d4da0418c598a035a1bbbc744e 5047658 vim-runtime_7.4.488-7+deb8u3_all.deb
 06b6fef2565bf395e849cec60d9c1c3036e7f7ad 1760920 vim-doc_7.4.488-7+deb8u3_all.deb
 92c5317471009b5e11edfcf2d3ace9aa46f28127 90560 vim-lesstif_7.4.488-7+deb8u3_all.deb
 4213184275d35e326811f86bdc4700616c920932 418100 vim-tiny_7.4.488-7+deb8u3_amd64.deb
 41844506dea567f316231903aade982265b4164b 1166032 vim-gtk_7.4.488-7+deb8u3_amd64.deb
 3aff0ae68682d236072fbc32f9bda80acbb6b4d5 1168136 vim-gnome_7.4.488-7+deb8u3_amd64.deb
 ec6c38c1e3451250def48468b45fc6eaf48e2c8f 1158572 vim-athena_7.4.488-7+deb8u3_amd64.deb
 b1b7ce655877192c2a604f8ab878701e791d3263 1049318 vim-nox_7.4.488-7+deb8u3_amd64.deb
 fde0fa6c9f15c8900635942f6a9c3522e066d95b 184684 vim-common_7.4.488-7+deb8u3_amd64.deb
 ad93084205552492c2cdb0098acc9bd1c2bdc90a 952520 vim_7.4.488-7+deb8u3_amd64.deb
 1c4cffbb8409d04865fe0b9c216f2a6d80054ecf 6836126 vim-dbg_7.4.488-7+deb8u3_amd64.deb
Checksums-Sha256:
 94833b984d6ed644c95eea483c75c19c90672bcec5293f9c3259d48b10916060 2995 vim_7.4.488-7+deb8u3.dsc
 fd254ca4319afa186809694804486479fea438d14001a936ddf5bfdb2d7ef1e6 152752 vim_7.4.488-7+deb8u3.debian.tar.xz
 8e05b273d66e4f789ea802e57d2dc040e73f6f1762fbb2911e736b9e8e22cb27 149732 vim-gui-common_7.4.488-7+deb8u3_all.deb
 332dbb942a4af181edcfd091debeb26622bbe318509b0247662957c270cb44c7 5047658 vim-runtime_7.4.488-7+deb8u3_all.deb
 d9fcf5515564b7ff382c555c22fec3ae6f055c029f7de13a226cbffdf8826116 1760920 vim-doc_7.4.488-7+deb8u3_all.deb
 78d308f2931b11f61a3a0fc83dbf1f9f06172512d9aba69e36feae168f272f68 90560 vim-lesstif_7.4.488-7+deb8u3_all.deb
 84959695ead4e691873d5723e53e0dce0dbcc470d01ddb11ed0295cc963ae4c6 418100 vim-tiny_7.4.488-7+deb8u3_amd64.deb
 85db97e9f2551240d270415966b9b79f0a02e8d1a7eaea8d2fb9206e8b26423f 1166032 vim-gtk_7.4.488-7+deb8u3_amd64.deb
 0d4f18da69bc192cf46079e4429117226cbd4be18b31097cda1d5f8751af0a1a 1168136 vim-gnome_7.4.488-7+deb8u3_amd64.deb
 9fbd790503201d2ed1e31ae8c2d211e840c5a78cad46044eb80d99d23b24151b 1158572 vim-athena_7.4.488-7+deb8u3_amd64.deb
 cf5c519d5016b3859ad0f6c9de0b1b196e74a46f6cd417e8a939213fc5e60a7b 1049318 vim-nox_7.4.488-7+deb8u3_amd64.deb
 a3217b39f27d0a34c6861ba7da2d315b4ecfb40651f408c7846425e0e7b1d9d9 184684 vim-common_7.4.488-7+deb8u3_amd64.deb
 a54992b18851e0b17da36e8a7f63dad7b37e624af505b1d0b075777da7e979e5 952520 vim_7.4.488-7+deb8u3_amd64.deb
 44e0b2ce5eca0e269a7aedeea34319a65b92f8ea83031beee0466e88e1decd22 6836126 vim-dbg_7.4.488-7+deb8u3_amd64.deb
Files:
 f2ec9a6652158c08868508196d653098 2995 editors optional vim_7.4.488-7+deb8u3.dsc
 f9851fff0ffb8c4a261706ccf0314b52 152752 editors optional vim_7.4.488-7+deb8u3.debian.tar.xz
 7f0c1f0571cba3473c04e96891c78e1d 149732 editors optional vim-gui-common_7.4.488-7+deb8u3_all.deb
 188775d1abe77c47b1480f369f17537f 5047658 editors optional vim-runtime_7.4.488-7+deb8u3_all.deb
 8489636a4713e8de21965eb150bc796e 1760920 doc optional vim-doc_7.4.488-7+deb8u3_all.deb
 b2dd7467fe293ee80daf7423c3366164 90560 oldlibs extra vim-lesstif_7.4.488-7+deb8u3_all.deb
 34b52e706d7ea1309ffc567ed3ca76c7 418100 editors important vim-tiny_7.4.488-7+deb8u3_amd64.deb
 5af9e9388ae16d37c9f8940ecae6dd20 1166032 editors extra vim-gtk_7.4.488-7+deb8u3_amd64.deb
 4c8bbc10740532007b09b9c0d4387b00 1168136 editors extra vim-gnome_7.4.488-7+deb8u3_amd64.deb
 6b00022469e65748e09a7c7f940893b9 1158572 editors extra vim-athena_7.4.488-7+deb8u3_amd64.deb
 a9e9319d155832786cb19fd956fcccfc 1049318 editors extra vim-nox_7.4.488-7+deb8u3_amd64.deb
 681c66def1306f5ee52bcd07747df247 184684 editors important vim-common_7.4.488-7+deb8u3_amd64.deb
 ba7d628cb939d563a6b368f1f0f416c3 952520 editors optional vim_7.4.488-7+deb8u3_amd64.deb
 23109dcc1941dbbeb846588befaf27fb 6836126 debug extra vim-dbg_7.4.488-7+deb8u3_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEkb+/TWlWvV33ty0j3+aRrjMbo9sFAljB+i5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkx
QkZCRjRENjk1NkJENURGN0I3MkQyM0RGRTY5MUFFMzMxQkEzREIACgkQ3+aRrjMb
o9sblhAAq6KxKYiOmeVGO9GIiCJx9jFMZOFjYP8APkz2larqP86vNyg/kh4f5nLX
G9q7aEXPEa6F975MoUdYyP5hLVwV+QJuOH5AppzGRj9mwgYfr3RVa+YxjWIAeAkG
VKuUZAwMOcjySu2t/fgsOCuTWHIF9T+eyDVGqG8jvRxBg/+Pq5yEBqRI9jAgeetO
egrM/TwoC2QFsM82LC+mfXUQjHtgDgEoFh73cFs3Jt50jYJdDodIdKJaZMkAWJyO
e0Ep57y1g9iLZqTwMnfGBMEBAMjynY36RLPgZYB/qGOPEM8ECu98TPHHUpPRueTE
uL1fAN5IXSc6uVXboluhIaSicGCFbLURiBZMPIlyDAM+HygQ67jfEH3BUCrJn5tP
DH0nDNipIbsuy7bEnKd88XlygD31WHbs6psgYRacV0nM8H0wFrezsiFmi9IgZsZ4
C1X6C1+tgjK29k0BkslzpcEv3uYxkNQ2+8D8pY+jf/M8GwyM2BG5hxxrS/lM3mNY
40ktEgXfWXW1iyyHo8j6R9XNg6/1vncMocC4cTAtq+HkVLOdaD+IhvDKYfXw3+fA
NT9/2k83vWxi0e40bLYNYe44e28JrOgWdGoZaP29oD7kLQBC1rp/JrYfqocMlUnU
jQ6RKfFz8IUxFclIYA9oI5CPE6NVqRYSwI2e6QLQKLTXRpxEGx8=
=mmnt
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.