Fedora Linux 8810 Published by

A vim security update has been released for Fedora 35.



SECURITY: Fedora 35 Update: vim-8.2.3512-1.fc35


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-6988830606
2021-10-29 22:48:33.393113
--------------------------------------------------------------------------------

Name : vim
Product : Fedora 35
Version : 8.2.3512
Release : 1.fc35
URL :   http://www.vim.org/
Summary : The VIM editor
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

--------------------------------------------------------------------------------
Update Information:

The newest upstream commit Security fix for CVE-2021-3796 Security fix for
CVE-2021-3778 Security fix for CVE-2021-3875 Security fix for CVE-2021-3872
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 15 2021 Zdenek Dohnal - 2:8.2.3512-1
- patchlevel 3512
* Thu Oct 14 2021 Zdenek Dohnal - 2:8.2.3404-2
- adjust test suite to Python 3.10
* Thu Oct 14 2021 Zdenek Dohnal - 2:8.2.3404-2
- remove filetype plugin from virc - it doesn't work with vi
* Mon Oct 11 2021 Zdenek Dohnal - 2:8.2.3404-2
- set system vimrc via compiler macros
* Thu Sep 23 2021 Zdenek Dohnal - 2:8.2.3404-2
- remove downstream patch vim-8.0-copypaste.patch - put mouse settings into defaults.vim again
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2004621 - CVE-2021-3778 vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2004621
[ 2 ] Bug #2004728 - CVE-2021-3796 vim: use-after-free in nv_replace() in normal.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2004728
[ 3 ] Bug #2014661 - CVE-2021-3875 vim: heap-based buffer overflow
  https://bugzilla.redhat.com/show_bug.cgi?id=2014661
[ 4 ] Bug #2016056 - CVE-2021-3872 vim: heap-based buffer overflow in win_redr_status() drawscreen.c
  https://bugzilla.redhat.com/show_bug.cgi?id=2016056
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-6988830606' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys