Overview

File _patchinfo of Package patchinfo.24629

<patchinfo incident="24629">
  <issue tracker="bnc" id="1070955">VUL-1: CVE-2017-17087: vim: Sets the group ownership of a .swp file to the editor's primary group, which allows local users to obtain sensitive information</issue>
  <issue tracker="bnc" id="1191770">VUL-0: CVE-2021-3875: vim: heap-based buffer overflow</issue>
  <issue tracker="bnc" id="1192167">VUL-0: CVE-2021-3903: vim: heap-based buffer overflow</issue>
  <issue tracker="bnc" id="1192902">VUL-0: CVE-2021-3968: vim: vim is vulnerable to Heap-based Buffer Overflow</issue>
  <issue tracker="bnc" id="1192903">VUL-0: CVE-2021-3973: vim: vim is vulnerable to Heap-based Buffer Overflow</issue>
  <issue tracker="bnc" id="1192904">VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use After Free</issue>
  <issue tracker="bnc" id="1193466">VUL-1: CVE-2021-4069: vim: use-after-free in ex_open() in src/ex_docmd.c</issue>
  <issue tracker="bnc" id="1193905">VUL-0: CVE-2021-4136: vim: vim is vulnerable to Heap-based Buffer Overflow</issue>
  <issue tracker="bnc" id="1194093">VUL-1: CVE-2021-4166: vim: vim is vulnerable to Out-of-bounds Read</issue>
  <issue tracker="bnc" id="1194216">VUL-1: CVE-2021-4193: vim: vulnerable to Out-of-bounds Read</issue>
  <issue tracker="bnc" id="1194217">VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free</issue>
  <issue tracker="bnc" id="1194388">VUL-1: CVE-2022-0128: vim: vim is vulnerable to Out-of-bounds Read</issue>
  <issue tracker="bnc" id="1194872">VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow in vim prior to 8.2.</issue>
  <issue tracker="bnc" id="1194885">VUL-0: CVE-2022-0213: vim: vim is vulnerable to Heap-based Buffer Overflow</issue>
  <issue tracker="bnc" id="1195004">VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2.</issue>
  <issue tracker="bnc" id="1195203">VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in init_ccline() in ex_getln.c</issue>
  <issue tracker="bnc" id="1195332">VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow in vim prior to 8.2</issue>
  <issue tracker="bnc" id="1195354">VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in Conda vim prior to 8.2.</issue>
  <issue tracker="bnc" id="1196361">VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in vim prior to 8.2</issue>
  <issue tracker="bnc" id="1198596">VUL-0: CVE-2022-1381: vim: global heap buffer overflow in skip_range</issue>
  <issue tracker="bnc" id="1198748">VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset</issue>
  <issue tracker="bnc" id="1199331">VUL-0: CVE-2022-1616: vim: Use after free in append_command</issue>
  <issue tracker="bnc" id="1199333">VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in function cmdline_erase_chars</issue>
  <issue tracker="bnc" id="1199334">VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in function vim_regexec_string</issue>
  <issue tracker="bnc" id="1199651">VUL-1: CVE-2022-1735: vim: heap buffer overflow</issue>
  <issue tracker="bnc" id="1199655">VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in cindent.c</issue>
  <issue tracker="bnc" id="1199693">VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior to 8.2.</issue>
  <issue tracker="bnc" id="1199745">VUL-1: CVE-2022-1785: vim: Out-of-bounds Write</issue>
  <issue tracker="bnc" id="1199747">VUL-0: CVE-2022-1796: vim: Use After  in find_pattern_in_path</issue>
  <issue tracker="bnc" id="1199936">VUL-1: CVE-2022-1851: vim: out of bounds read</issue>
  <issue tracker="bnc" id="1200010">VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim</issue>
  <issue tracker="bnc" id="1200011">VUL-0: CVE-2022-1898: vim: Use After Free in vim prior to 8.2</issue>
  <issue tracker="bnc" id="1200012">VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior to 8.2</issue>
  <issue tracker="cve" id="2017-17087"/>
  <issue tracker="cve" id="2021-3778"/>
  <issue tracker="cve" id="2021-3796"/>
  <issue tracker="cve" id="2021-3872"/>
  <issue tracker="cve" id="2021-3875"/>
  <issue tracker="cve" id="2021-3903"/>
  <issue tracker="cve" id="2021-3927"/>
  <issue tracker="cve" id="2021-3928"/>
  <issue tracker="cve" id="2021-3968"/>
  <issue tracker="cve" id="2021-3973"/>
  <issue tracker="cve" id="2021-3974"/>
  <issue tracker="cve" id="2021-3984"/>
  <issue tracker="cve" id="2021-4019"/>
  <issue tracker="cve" id="2021-4069"/>
  <issue tracker="cve" id="2021-4136"/>
  <issue tracker="cve" id="2021-4166"/>
  <issue tracker="cve" id="2021-4192"/>
  <issue tracker="cve" id="2021-4193"/>
  <issue tracker="cve" id="2021-46059"/>
  <issue tracker="cve" id="2022-0128"/>
  <issue tracker="cve" id="2022-0213"/>
  <issue tracker="cve" id="2022-0261"/>
  <issue tracker="cve" id="2022-0318"/>
  <issue tracker="cve" id="2022-0319"/>
  <issue tracker="cve" id="2022-0351"/>
  <issue tracker="cve" id="2022-0359"/>
  <issue tracker="cve" id="2022-0361"/>
  <issue tracker="cve" id="2022-0392"/>
  <issue tracker="cve" id="2022-0407"/>
  <issue tracker="cve" id="2022-0413"/>
  <issue tracker="cve" id="2022-0696"/>
  <issue tracker="cve" id="2022-1381"/>
  <issue tracker="cve" id="2022-1420"/>
  <issue tracker="cve" id="2022-1616"/>
  <issue tracker="cve" id="2022-1619"/>
  <issue tracker="cve" id="2022-1620"/>
  <issue tracker="cve" id="2022-1733"/>
  <issue tracker="cve" id="2022-1735"/>
  <issue tracker="cve" id="2022-1771"/>
  <issue tracker="cve" id="2022-1785"/>
  <issue tracker="cve" id="2022-1796"/>
  <issue tracker="cve" id="2022-1851"/>
  <issue tracker="cve" id="2022-1897"/>
  <issue tracker="cve" id="2022-1898"/>
  <issue tracker="cve" id="2022-1927"/>
  <packager>bzoltan1</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for vim</summary>
  <description>This update for vim fixes the following issues:

- CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
- CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
- CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
- CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
- CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
- CVE-2021-3974: Fixed use-after-free (bsc#1192904).
- CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466).
- CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
- CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).
- CVE-2021-4192: Fixed use-after-free (bsc#1194217).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).
- CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).
- CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).
- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203).
- CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).
- CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).
- CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).
- CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596).
- CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).
- CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).
- CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333).
- CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334).
- CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655).
- CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).
- CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).
- CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).
- CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747).
- CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).
- CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).
- CVE-2022-1898: Fixed use-after-free (bsc#1200011).
- CVE-2022-1927: Fixed buffer over-read (bsc#1200012).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places