Message ID | 20240301200522.888120-1-fontaine.fabrice@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | [1/1] package/vim: security bump to version 9.1.0145 | expand |
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Fix CVE-2024-22667: Vim before 9.0.2142 has a stack-based buffer > overflow because did_set_langmap in map.c calls sprintf to write to the > error buffer that is passed down to the option callback functions. > Update hash of README.txt (version number updated with > https://github.com/vim/vim/commit/b4ddc6c11e95cef4b372e239871fae1c8d4f72b6) > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed, thanks.
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes: > Fix CVE-2024-22667: Vim before 9.0.2142 has a stack-based buffer > overflow because did_set_langmap in map.c calls sprintf to write to the > error buffer that is passed down to the option callback functions. > Update hash of README.txt (version number updated with > https://github.com/vim/vim/commit/b4ddc6c11e95cef4b372e239871fae1c8d4f72b6) > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Committed to 2023.02.x and 2023.11.x, thanks.
diff --git a/package/vim/vim.hash b/package/vim/vim.hash index 4ff64bada2..194bcb4378 100644 --- a/package/vim/vim.hash +++ b/package/vim/vim.hash @@ -1,4 +1,4 @@ # Locally computed -sha256 d826682fb839c0b99f80b9189af549d46dc087ef2cfc617ce161609ba5da4dc7 vim-9.0.2136.tar.gz +sha256 0056537cb57190aa41c12ba6c2ad04ce10e7f714cde4c1fe7193a37e1c44db46 vim-9.1.0145.tar.gz sha256 0b3f1f330cb1b179bb17c7c687d4cec601e0aa3462bc7f890ad4c3888d37d720 LICENSE -sha256 b475d5d3f8c855dc1a84813bbe45c44054d7f7aee20c800950bf89d5958873de README.txt +sha256 7a2f621c8496396dae5eecdcc4dccff9d534dff4627193d3ebf7fa6d2cb27042 README.txt diff --git a/package/vim/vim.mk b/package/vim/vim.mk index b0b4ffe344..fb8062e1fa 100644 --- a/package/vim/vim.mk +++ b/package/vim/vim.mk @@ -4,7 +4,7 @@ # ################################################################################ -VIM_VERSION = 9.0.2136 +VIM_VERSION = 9.1.0145 VIM_SITE = $(call github,vim,vim,v$(VIM_VERSION)) VIM_DEPENDENCIES = ncurses $(TARGET_NLS_DEPENDENCIES) VIM_SUBDIR = src
Fix CVE-2024-22667: Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. Update hash of README.txt (version number updated with https://github.com/vim/vim/commit/b4ddc6c11e95cef4b372e239871fae1c8d4f72b6) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/vim/vim.hash | 4 ++-- package/vim/vim.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)