Bug 13956

Summary: [CVE 21] vim 9.0.1572 CVEs found
Product: [ROSA-based products] ROSA Fresh
Reporter: Yury <y.tumanov>
Component: Packages from Main
Assignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: critical
Priority: Highest
CC: a.proklov, e.kosachev, pastordidi, s.matveev, v.potapov, y.tumanov
Version: All
Flags: v.potapov: qa_verified+; y.tumanov: secteam_verified+; a.proklov: published+
Target Milestone: 2021.1 Fresh R12
Hardware: All
OS: Linux
URL: CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535
Whiteboard:
Platform: 2021.1 ROSA
Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Description Yury 2023-10-18 20:32:04 MSK
Please patch CVEs for package vim version 9.0.1572

INFO: CVEs found in vim 9.0.1572:
CVE-2023-4733
Desc: Use After Free in GitHub repository vim/vim prior to 9.0.1840.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-4733
Severity: HIGH
CVE-2023-4734
Desc: Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-4734
Severity: HIGH
CVE-2023-4735
Desc: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-4735
Severity: HIGH
CVE-2023-4736
Desc: Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-4736
Severity: HIGH
CVE-2023-4738
Desc: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-4738
Severity: HIGH
CVE-2023-4750
Desc: Use After Free in GitHub repository vim/vim prior to 9.0.1857.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-4750
Severity: HIGH
CVE-2023-4752
Desc: Use After Free in GitHub repository vim/vim prior to 9.0.1858.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-4752
Severity: HIGH
CVE-2023-4781
Desc: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-4781
Severity: HIGH
CVE-2023-5344
Desc: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-5344
Severity: HIGH
CVE-2023-5441
Desc: NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-5441
Severity: MEDIUM
CVE-2023-5535
Desc: Use After Free in GitHub repository vim/vim prior to v9.0.2010.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-5535
Severity: HIGH
Comment 1 Svyatoslav Matveev 2023-10-22 18:30:35 MSK
********** QA ADVISORY **********

All CVEs are closed by the update.

*** vim
**  9.0.1572 .. 9.0.2059

https://abf.io/build_lists/4760183
https://abf.io/build_lists/4760182
https://abf.io/build_lists/4760184
https://abf.io/build_lists/4760185
https://abf.io/build_lists/4760186
Comment 2 Dmitry Postnikov 2023-10-24 10:55:19 MSK
*****************************
The update has been sent to Testing.
Comment 3 Vladimir Potapov 2023-10-24 12:57:23 MSK
vim-9.0.2059-1
https://abf.io/build_lists/4760183
https://abf.io/build_lists/4760182
https://abf.io/build_lists/4760184
https://abf.io/build_lists/4760185
https://abf.io/build_lists/4760186
**************************** Advisory *******************************
Many CVEs are fixed
*********************************************************************
QA Verified
Comment 4 Yury 2023-10-27 19:58:26 MSK
secteam_verified