Your message dated Fri, 05 May 2023 00:05:46 +0000
with message-id <[email protected]>
and subject line Bug#1035323: fixed in vim 2:9.0.1378-2
has caused the Debian Bug report #1035323,
regarding vim: CVE-2023-2426
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1035323: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035323
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: vim
Version: 2:9.0.1378-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for vim.
CVE-2023-2426[0]:
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior
| to 9.0.1499.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-2426
https://www.cve.org/CVERecord?id=CVE-2023-2426
[1] https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425
[2] https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: vim
Source-Version: 2:9.0.1378-2
Done: James McCoy <[email protected]>
We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James McCoy <[email protected]> (supplier of updated vim package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 04 May 2023 06:24:44 -0400
Source: vim
Architecture: source
Version: 2:9.0.1378-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Vim Maintainers <[email protected]>
Changed-By: James McCoy <[email protected]>
Closes: 1034529 1035323
Changes:
vim (2:9.0.1378-2) unstable; urgency=medium
.
* Backport 9.0.1499 to fix CVE-2023-2426 (Closes: #1035323)
* Backport fix for indenting of Perl subroutines (Closes: #1034529)
Checksums-Sha1:
57b93a9208e6ca56c0d7b814c86427ed9cc3055d 3177 vim_9.0.1378-2.dsc
e5792ad611863fdacc2567f66b3c41468bcc18f7 182176 vim_9.0.1378-2.debian.tar.xz
Checksums-Sha256:
c70ac888d9e17d6a0333e941478ec152300a41497fc289930be70ea7156ff13d 3177 vim_9.0.1378-2.dsc
727456f57809b7e3a5c461cb9d26519b1b7cd9a28673cce744d2416560d82be4 182176 vim_9.0.1378-2.debian.tar.xz
Files:
a934f39defa4a8df0aea055aa1e51bce 3177 editors optional vim_9.0.1378-2.dsc
d2b5328d8a8480595f0b6d2f75937479 182176 editors optional vim_9.0.1378-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---