Discussion:
Processed: bookworm-pu: package vim/2:9.0.1378-2+deb12u1
Debian Bug Tracking System
2025-01-29 15:30:02 UTC
affects -1 + src:vim
Bug #1094646 [release.debian.org] bookworm-pu: package vim/2:9.0.1378-2+deb12u1
Added indication that 1094646 affects src:vim
--
1094646: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094646
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Jonathan Wiltshire
2025-02-01 21:50:02 UTC
package release.debian.org
tags 1094646 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: vim
Version: 9.0.1378-2+deb12u1

Explanation: fix crash when expanding "~" in substitute [CVE-2023-2610]; fix buffer-overflow in vim_regsub_both() [CVE-2023-4738]; fix heap use after free in ins_compl_get_exp() [CVE-2023-4752]; fix heap-buffer-overflow in vim_regsub_both [CVE-2023-4781]; fix buffer-overflow in trunc_string() [CVE-2023-5344]; fix stack-buffer-overflow in option callback functions [CVE-2024-22667]; fix heap-buffer-overflow in ins_typebuf [CVE-2024-43802]; fix use-after-free when closing a buffer [CVE-2024-47814]
James McCoy
2025-02-09 17:10:01 UTC
Fixes for eight CVEs, backported from upstream, all already in sid.
Tested with Vim's existing extensive test suite, and some of the fixes add new
tests, too. Everything passes.
These are all simple CVEs caused by the usual suspect C programming issues, so
there is no expected negative impact on users.
FYI, one of the new tests added by these patches is failing the build on
armel, armhf, i386, and mipsel.

The test was disabled upstream because they were also seeing timeouts in
certain scenarios --
https://github.com/vim/vim/compare/v9.0.1533...v9.0.1535

Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Sean Whitton
2025-02-12 00:40:02 UTC
Hello,
Post by James McCoy
Fixes for eight CVEs, backported from upstream, all already in sid.
Tested with Vim's existing extensive test suite, and some of the fixes add new
tests, too. Everything passes.
These are all simple CVEs caused by the usual suspect C programming issues, so
there is no expected negative impact on users.
FYI, one of the new tests added by these patches is failing the build on
armel, armhf, i386, and mipsel.
The test was disabled upstream because they were also seeing timeouts in
certain scenarios --
https://github.com/vim/vim/compare/v9.0.1533...v9.0.1535

Thanks. I'll prepare an additional upload.
--
Sean Whitton
Adam D Barratt
2025-02-16 12:30:01 UTC
package release.debian.org
tags 1094646 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: vim
Version: 9.0.1378-2+deb12u2

Explanation: fix build failure on 32-bit architectures
Debian Bug Tracking System
2025-02-16 12:30:01 UTC
Post by Jonathan Wiltshire
package release.debian.org
Limiting to bugs with field 'package' containing at least one of 'release.debian.org'
Limit currently set to 'package':'release.debian.org'
Post by Jonathan Wiltshire
tags 1094646 = bookworm pending
Bug #1094646 [release.debian.org] bookworm-pu: package vim/2:9.0.1378-2+deb12u1
Ignoring request to alter tags of bug #1094646 to the same tags previously set
Post by Jonathan Wiltshire
thanks
Stopping processing here.

Please contact me if you need assistance.
--
1094646: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094646
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Adam D. Barratt
2025-02-16 19:10:02 UTC
Control: tags -1 = bookworm pending

I managed to miss that a new bug was filed for the regression fix
upload when accepting it.

-------- Forwarded Message --------
From: Adam D Barratt <***@adam-barratt.org.uk>
Reply-To: Adam D Barratt <***@adam-barratt.org.uk>,
***@bugs.debian.org
To: ***@bugs.debian.org
Cc: 1094646-***@bugs.debian.org
Subject: Bug#1094646: vim 9.0.1378-2+deb12u2 flagged for acceptance
Date: 16/02/25 12:21:02

package release.debian.org
tags 1094646 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for
acceptance into the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: vim
Version: 9.0.1378-2+deb12u2

Explanation: fix build failure on 32-bit architectures
