File _patchinfo of Package patchinfo.30275
<patchinfo incident="30275">
<issue tracker="bnc" id="1214925">VUL-0: CVE-2023-4734: vim: segmentation fault in function f_fullcommand</issue>
<issue tracker="bnc" id="1214924">VUL-0: CVE-2023-4735: vim: OOB Write ops.c</issue>
<issue tracker="bnc" id="1215006">VUL-0: CVE-2023-4752: vim: Heap Use After Free in function ins_compl_get_exp</issue>
<issue tracker="bnc" id="1215004">VUL-0: CVE-2023-4733: vim: use-after-free in function buflist_altfpos</issue>
<issue tracker="bnc" id="1215033">VUL-0: CVE-2023-4781: vim: heap-buffer-overflow in function vim_regsub_both</issue>
<issue tracker="bnc" id="1214922">VUL-0: CVE-2023-4738: vim: heap-buffer-overflow in vim_regsub_both</issue>
<issue tracker="cve" id="2023-4738"/>
<issue tracker="cve" id="2023-4735"/>
<issue tracker="cve" id="2023-4781"/>
<issue tracker="cve" id="2023-4752"/>
<issue tracker="cve" id="2023-4733"/>
<issue tracker="cve" id="2023-4734"/>
<packager>bzoltan1</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for vim</summary>
<description>This update for vim fixes the following issues:
Security fixes:
- CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004).
- CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925).
- CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924).
- CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922).
- CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006).
- CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033).
Other fixes:
- Update to version 9.0 with patch level 1894,
for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894
- Use app icons generated from vimlogo.eps in the source tarball;
add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources
</description>
</patchinfo>