New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update: vim #1086

Closed

vbatts opened this issue Jun 19, 2023 · 1 comment · Fixed by flatcar/scripts#1049

Labels

advisory cvss/HIGH security

Member

vbatts commented Jun 19, 2023 •

edited by dongsupark

Loading

Name: vim
CVEs: ~~CVE-2023-2426,~~ CVE-2023-2609, CVE-2023-2610
CVSSs: ~~5.5~~, n/a, 7.8
Action Needed: update to >= 9.0.1532

Summary:

~~CVE-2023-2426: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.~~ (Weekly portage-stable package updates 2023-06-19 scripts#934)
CVE-2023-2609: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.
CVE-2023-2610: Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.

refmap.gentoo: ~~https://bugs.gentoo.org/905373,~~ https://bugs.gentoo.org/906109

vbatts added advisory security labels

dongsupark added the cvss/HIGH label

Member

dongsupark commented Jun 30, 2023

CVE-2023-2426 was addressed by vim 9.0.1503, which will be included in the next Alpha.

krnowak mentioned this issue

Weekly portage-stable package updates 2023-08-07 flatcar/scripts#1049

Merged

2 tasks

krnowak closed this as completed in flatcar/scripts#1049

github-actions bot mentioned this issue

Monthly contributions report 2023-07-22 - 2023-08-21 #1246

Closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment