Your message dated Mon, 06 Oct 2025 19:21:07 +0000
with message-id <[email protected]>
and subject line Bug#1110898: fixed in vim 2:9.1.1829-1
has caused the Debian Bug report #1110898,
regarding vim: CVE-2025-55157 CVE-2025-55158
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1110898: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110898
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: vim
Version: 2:9.1.1385-1
Severity: grave
Tags: security upstream experimental
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for vim.

CVE-2025-55157[0]:
| Vim is an open source, command line text editor. In versions from
| 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim
| script, an error during evaluation can trigger a use-after-free in
| Vim’s internal tuple reference management. Specifically, the
| tuple_unref() function may access already freed memory due to
| improper lifetime handling, leading to memory corruption. The
| exploit requires direct user interaction, as the script must be
| explicitly executed within Vim. This issue has been patched in
| version 9.1.1400.


CVE-2025-55158[1]:
| Vim is an open source, command line text editor. In versions from
| 9.1.1231 to before 9.1.1406, when processing nested tuples during
| Vim9 script import operations, an error during evaluation can
| trigger a double-free in Vim’s internal typed value (typval_T)
| management. Specifically, the clear_tv() function may attempt to
| free memory that has already been deallocated, due to improper
| lifetime handling in the handle_import / ex_import code paths. The
| vulnerability can only be triggered if a user explicitly opens and
| executes a specially crafted Vim script. This issue has been patched
| in version 9.1.1406.

Those affect only the current version in experimental, so RC severity
to make sure they are addressed with or along with the move of vim to
unstable.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-55157
    https://www.cve.org/CVERecord?id=CVE-2025-55157
[1] https://security-tracker.debian.org/tracker/CVE-2025-55158
    https://www.cve.org/CVERecord?id=CVE-2025-55158

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: vim
Source-Version: 2:9.1.1829-1
Done: James McCoy <[email protected]>

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James McCoy <[email protected]> (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 06 Oct 2025 14:48:55 -0400
Source: vim
Architecture: source
Version: 2:9.1.1829-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Vim Maintainers <[email protected]>
Changed-By: James McCoy <[email protected]>
Closes: 1109374 1110898 1115819
Changes:
 vim (2:9.1.1829-1) unstable; urgency=medium
 .
   * Upload to unstable
   * Merge upstream tag v9.1.1829
   * Remove src/LICENSE, src/README.txt, and runtime/doc/tags.ref during clean
   * Skip tests for termdebug, since they currently fail on 32-bit
     architectures
 .
 vim (2:9.1.1766-1) experimental; urgency=medium
 .
   * Merge upstream tag v9.1.1766 (Closes: #1115819)
     + Security fixes:
       - 9.1.1400: use-after-free when evaluating tuple fails, (Closes:
         #1110898, CVE-2025-55157)
       - 9.1.1406: crash when importing invalid tuple, CVE-2025-55158
       - 9.1.1551: path traversal issue in zip.vim if files have leading '../',
         (Closes: #1109374, CVE-2025-53906)
       - 9.1.1552: path traversal issue in tar.vim if files have leading '/',
         CVE-2025-53905
       - 9.1.1616: xxd: possible buffer overflow with bitwise output,
         CVE-2025-9390
   * Enable socketserver for vim-nox, vim-basic, and vim-gtk3
   * Enable wayland support only for GUI builds
   * Drop obsolete transitional package, vim-athena
 .
 vim (2:9.1.1385-1) experimental; urgency=medium
 .
   [ James McCoy ]
   * Merge upstream tag v9.1.1385
 .
   [ Kirill Rekhov ]
   * d/upstream/metadata: add metadata
   * Fix day-of-week for changelog entries 1:6.3-015+1, 1:6.3-010+1, 4.6-2.
Checksums-Sha1:
Checksums-Sha256:
Files:
Git-Tag-Info: tag=7cdc060fd79fb3388fdd6be8a255c449a0d2b1d7 fp=91bfbf4d6956bd5df7b72d23dfe691ae331ba3db
Git-Tag-Tagger: James McCoy <[email protected]>



--- End Message ---
