Bug 13339

Summary: [CVE 21] vim 9.0.1021 CVEs found
Product: [ROSA-based products] ROSA Fresh
Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)
Assignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: critical
Priority: High
CC: a.proklov, s.matveev, v.potapov, y.tumanov
Version: All
Flags: v.potapov: qa_verified+
y.tumanov: secteam_verified+
a.proklov: published+
Target Milestone: 2021.1 Fresh R12
Hardware: All
OS: Linux
URL: CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-1355
Whiteboard:
Platform: 2021.1
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Description Yury 2023-05-03 18:21:45 MSK
Please patch CVEs for package vim version 9.0.1021

INFO (CVEs are): vim 9.0.1021
CVEs found:
CVE-2023-0049
Desc: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0049
Severity: HIGH
CVE-2023-0051
Desc: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0051
Severity: HIGH
CVE-2023-0054
Desc: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0054
Severity: HIGH
CVE-2023-0288
Desc: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0288
Severity: HIGH
CVE-2023-0433
Desc: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0433
Severity: HIGH
CVE-2023-0512
Desc: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0512
Severity: HIGH
CVE-2023-1127
Desc: Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-1127
Severity: HIGH
CVE-2023-1170
Desc: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-1170
Severity: MEDIUM
CVE-2023-1175
Desc: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-1175
Severity: MEDIUM
CVE-2023-1264
Desc: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-1264
Severity: MEDIUM
CVE-2023-1355
Desc: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-1355
Severity: MEDIUM
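A practitioner triaging this list usually wants one thing: given a concrete vim build, which of these eleven CVEs are still open, and what is the smallest upstream version that closes all of them. The NVD summaries phrase each fix as "prior to 9.0.NNNN", so patch NNNN of the 9.0 line is the fix. The script below is an added example for this page (it is not part of the bug, of ROSA's packaging, or of vim); the CVE-to-fix-version table is copied from the list above, and the `vim --version` excerpt is constructed to match the banner and "Included patches:" lines that vim prints. It checks a build either by its plain version string (9.0.1021 before the update, 9.0.1572 after) or, more precisely, by the included-patch set, which handles builds whose patch list has gaps. Caveat: a distribution package that backports a fix without bumping the version or the patch list will still be reported as vulnerable by this check.

```python
"""Which of the vim CVEs listed in this bug are still open for a given build?

Added example for this bug page, not part of ROSA's packaging or of vim itself.
The NVD summaries say "prior to 9.0.NNNN", i.e. patch NNNN of the 9.0 line
closes the CVE. A build is checked either by its plain version string or, more
precisely, by the "Included patches:" line of `vim --version`, which may list
a non-contiguous set of patches. Backported fixes that do not bump the version
or the patch list are NOT detected here.
"""
import re
from typing import Dict, List, Set, Tuple

Version = Tuple[int, int, int]

# From the CVE list in the bug description: CVE -> first upstream version with the fix.
FIXED_IN: Dict[str, str] = {
    "CVE-2023-0049": "9.0.1143",
    "CVE-2023-0051": "9.0.1144",
    "CVE-2023-0054": "9.0.1145",
    "CVE-2023-0288": "9.0.1189",
    "CVE-2023-0433": "9.0.1225",
    "CVE-2023-0512": "9.0.1247",
    "CVE-2023-1127": "9.0.1367",
    "CVE-2023-1170": "9.0.1376",
    "CVE-2023-1175": "9.0.1378",
    "CVE-2023-1264": "9.0.1392",
    "CVE-2023-1355": "9.0.1402",
}

# Constructed excerpt of `vim --version` output (only the two lines used below).
SAMPLE_VIM_VERSION = """\
VIM - Vi IMproved 9.0 (2022 Jun 28, compiled May 22 2023 10:00:00)
Included patches: 1-1572
"""


def parse_version(text: str) -> Version:
    """'9.0.1572' -> (9, 0, 1572); rejects anything that is not three integers."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected vim version string: {text!r}")
    return int(parts[0]), int(parts[1]), int(parts[2])


def parse_included_patches(spec: str) -> Set[int]:
    """'1-1021, 1143-1145, 1189' -> {1, ..., 1021, 1143, 1144, 1145, 1189}."""
    patches: Set[int] = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        if "-" in item:
            lo, hi = item.split("-", 1)
            patches.update(range(int(lo), int(hi) + 1))
        else:
            patches.add(int(item))
    return patches


def parse_vim_output(output: str) -> Tuple[int, int, Set[int]]:
    """Extract (major, minor, included patch numbers) from `vim --version` text."""
    banner = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", output)
    patches = re.search(r"Included patches:\s*(.+)", output)
    if not banner or not patches:
        raise ValueError("could not find version banner or patch list")
    return int(banner.group(1)), int(banner.group(2)), parse_included_patches(patches.group(1))


def open_cves(installed: Version) -> List[str]:
    """CVEs whose fix version is newer than the installed version string."""
    return sorted(cve for cve, fixed in FIXED_IN.items() if installed < parse_version(fixed))


def open_cves_for_build(major: int, minor: int, patches: Set[int]) -> List[str]:
    """Per-patch check: a CVE fixed in X.Y.N is closed iff the build is past X.Y,
    or is X.Y and has patch N applied. A patch list with gaps is handled correctly."""
    still_open = []
    for cve, fixed in FIXED_IN.items():
        fmaj, fmin, fpatch = parse_version(fixed)
        if (major, minor) > (fmaj, fmin):
            continue
        if (major, minor) == (fmaj, fmin) and fpatch in patches:
            continue
        still_open.append(cve)
    return sorted(still_open)


def minimum_fixed_version() -> str:
    """Smallest upstream version that closes every CVE in the list."""
    return max(FIXED_IN.values(), key=parse_version)


if __name__ == "__main__":
    for v in ("9.0.1021", "9.0.1300", "9.0.1572"):
        print(v, "->", open_cves(parse_version(v)) or "no open CVEs from this list")
    print("from vim --version:", open_cves_for_build(*parse_vim_output(SAMPLE_VIM_VERSION)))
    print("minimum version covering all:", minimum_fixed_version())
```

Run it against a real installation by feeding the output of `vim --version` to `parse_vim_output`. For the versions in this bug, 9.0.1021 leaves all eleven CVEs open, and 9.0.1572 (the version the update moves to) is past 9.0.1402, the highest fix version in the list, so none remain.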
Comment 1 Svyatoslav Matveev 2023-05-22 14:44:43 MSK
********** QA ADVISORY **********

CVEs closed by the update.

*** vim
**  upd: 9.0.1021 -> 9.0.1572 (merge rosa2023.1)

https://abf.io/build_lists/4442921
https://abf.io/build_lists/4442922
https://abf.io/build_lists/4442920
https://abf.io/build_lists/4442923
https://abf.io/build_lists/4442924
Comment 2 Vladimir Potapov 2023-05-22 14:59:15 MSK
(In reply to Svyatoslav Matveev from comment #1)
> ********** QA ADVISORY **********
> 
> CVEs closed by the update.
> 
> *** vim
> **  upd: 9.0.1021 -> 9.0.1572 (merge rosa2023.1)
> 
> https://abf.io/build_lists/4442921
> https://abf.io/build_lists/4442922
> https://abf.io/build_lists/4442920
> https://abf.io/build_lists/4442923
> https://abf.io/build_lists/4442924
****************************************
The update has been sent to testing.
Comment 3 Vladimir Potapov 2023-05-31 10:14:08 MSK
vim-9.0.1572-1
https://abf.io/build_lists/4442921
https://abf.io/build_lists/4442922
https://abf.io/build_lists/4442920
https://abf.io/build_lists/4442923
https://abf.io/build_lists/4442924
************************* Advisory ********************
upd: 9.0.1021 -> 9.0.1572, CVEs fix
*******************************************************
QA Verified
Comment 4 Yury 2023-07-25 16:43:55 MSK
Secteam Verified