Package: vim
Version: 2:8.1.0875-5
Severity: serious
Tags: security upstream fixed-upstream
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Control: fixed -1 vim/2:8.2.3455-1
Control: close -1

Hi,

while looking into vim source, I stumbled into
https://github.com/vim/vim/commit/4067bd3604215b48e4b4201e28f9e401b08418e4

Among other things, this change adds "if (spaces < 0) spaces = 0" to block_insert. While this has been fixed in bookworm and later, it is missing from bullseye and earlier. If spaces happens to be < 0, bad things happen when we later vim_memset(..., ' ', (size_t)spaces).

A prospective stable update should probably fix this.

Helmut
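
The conversion described in the report, as an added example that is not part of the original message and is not vim's code: it shows what length a fill call receives when a negative `int` is cast to `size_t`, and the effect of the quoted clamp. The names `fill_len_unchecked`, `fill_len_clamped` and `pad_with_spaces` are hypothetical; only the clamp line comes from the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Length a fill call would receive when the signed count is only cast,
 * as in the pattern the report describes: (size_t)spaces. */
size_t fill_len_unchecked(int spaces)
{
    return (size_t)spaces;      /* -1 converts to SIZE_MAX */
}

/* Same conversion with the clamp quoted in the report applied first. */
size_t fill_len_clamped(int spaces)
{
    if (spaces < 0)
        spaces = 0;
    return (size_t)spaces;
}

/* Hypothetical helper (an assumption for illustration, not block_insert):
 * writes `spaces` blanks plus a terminator into buf.
 * Returns the number of blanks written, or -1 if they do not fit. */
int pad_with_spaces(char *buf, size_t buflen, int spaces)
{
    size_t n = fill_len_clamped(spaces);

    if (n >= buflen)            /* leave room for the terminating NUL */
        return -1;
    memset(buf, ' ', n);
    buf[n] = '\0';
    return (int)n;
}

int main(void)
{
    char buf[16];

    /* Constructed sample inputs. */
    printf("unchecked(-1) = %zu\n", fill_len_unchecked(-1));
    printf("clamped(-1)   = %zu\n", fill_len_clamped(-1));
    printf("pad(-3)  -> %d\n", pad_with_spaces(buf, sizeof buf, -3));
    printf("pad(4)   -> %d\n", pad_with_spaces(buf, sizeof buf, 4));
    printf("pad(100) -> %d\n", pad_with_spaces(buf, sizeof buf, 100));
    return 0;
}
```

The clamp removes the negative case; the separate upper-bound check in `pad_with_spaces` is an addition of this example and is not something the report says the commit does.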