This bug was fixed in the package vim - 2:9.1.1882-1ubuntu1
---------------
vim (2:9.1.1882-1ubuntu1) resolute; urgency=medium
* Merge with Debian unstable (LP: #2130146). Remaining changes:
- d/p/0001-fix-flaky-terminal-mode-test.vim:
Fix flaky Vim terminal mode test
- d/p/0002-disable-failing-tests-on-ppc64.patch:
Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
- d/p/0003-skip-test-failing-on-s390x-only.patch:
Skip test failing on s390x
- d/p/increase_timeout.diff: Increase timeout for the
Test_pattern_compile_speed patch.
- d/p/debian/ubuntu-grub-syntax.patch: Add Ubuntu-specific "quiet" keyword.
- d/runtime/vimrc: "syntax on" is a sane default for non-tiny Vim.
Dropping changes applied in upstream:
- SECURITY UPDATE: Path traversal when opening specially crafted tar/zip
archives.
+ d/p/CVE-2025-53905.patch: Replace "echohl Error" with call,
remove leading slashes from name, replace tar_secure with g:tar_secure
in runtime/autoload/tar.vim.
+ d/p/CVE-2025-53906.patch: Add need_rename, replace w! with w,
call warning for path traversal attack, and escape leading "../" in
runtime/autoload/zip.vim.
+ CVE-2025-53905
+ CVE-2025-53906
- SECURITY UPDATE: Data loss when extracting special zip files.
+ d/p/CVE-2025-29768.patch: Substitute special characters in
./runtime/autoload/zip.vim.
+ CVE-2025-29768
- SECURITY UPDATE: Code execution when editing tar files.
+ d/p/CVE-2025-27423.patch: Use escape_file instead of fname in
./runtime/autoload/tar.vim.
+ CVE-2025-27423
- SECURITY UPDATE: Use after free when redirecting display command to
register.
+ d/p/CVE-2025-26603.patch: Change redir_reg check to use
vim_strchr command check in ./src/register.c.
+ CVE-2025-26603
- SECURITY UPDATE: Denial of service.
+ d/p/CVE-2025-24014.patch: fix a segfault in win_line()
in files src/gui.c, src/testdir/crash/ex_redraw_crash,
src/testdir/test_crash.vim.
+ CVE-2025-24014
- SECURITY UPDATE: Crash when file is inaccessible with log option.
+ d/p/CVE-2025-1215.patch: Split common_init to common_init_1
and common_init_2 in ./src/main.c.
+ CVE-2025-1215
- SECURITY UPDATE: Heap-buffer-overflow when switching buffers.
+ d/p/CVE-2025-22134.patch: Add reset_VIsual_and_resel() to
src/arglist.c. Add ptrlen checks in src/misc1.c and src/ops.c.
+ CVE-2025-22134
Dropping changes applied in Debian:
- Revert "patch 9.1.0949: popups inconsistently shifted to the left",
since it breaks vim-youcompleteme's autopkgtests. (Closes: #1091729)
Dropping changes that are no longer needed in Ubuntu:
- d/p/ubuntu-mouse-off.patch: Mouse mode is actively harmful in some
chroots.
Dropping since it causes many issues with the test suite
- d/p/ubuntu-disable-mouse-popup-test.patch: Disable mouse popup test
Is related to ubuntu-mouse-off.patch
- d/s/include-binaries: Add heap_overflow3 test file to include-binaries
Dropping since it was originally added for testdata coming from a security
update, but now the orig tarball actually contains this testdata
* d/p/0002-disable-failing-tests-on-ppc64.patch: Skip
Test_autocmd_SafeState
* d/p/0003-skip-test-failing-on-s390x-only.patch: Skip
Test_linematch_diff_grouping and
Test_diff_overlapped_diff_blocks_will_be_merged
vim (2:9.1.1882-1) unstable; urgency=medium
* Merge upstream patch v9.1.1882
* Build without wayland on hurd
vim (2:9.1.1846-1) unstable; urgency=medium
* Merge upstream tag v9.1.1845
+ 9.1.1843: Extend searchcount() timeout if the test is being re-run due
to flakiness, fixes test failure on slower architectures.
vim (2:9.1.1829-1) unstable; urgency=medium
* Upload to unstable
* Merge upstream tag v9.1.1829
* Remove src/LICENSE, src/README.txt, and runtime/doc/tags.ref during clean
* Skip tests for termdebug, since they currently fail on 32-bit
architectures
vim (2:9.1.1766-1) experimental; urgency=medium
* Merge upstream tag v9.1.1766 (Closes: #1115819)
+ Security fixes:
- 9.1.1400: use-after-free when evaluating tuple fails, (Closes:
#1110898, CVE-2025-55157)
- 9.1.1406: crash when importing invalid tuple, CVE-2025-55158
- 9.1.1551: path traversal issue in zip.vim if files have leading '../',
(Closes: #1109374, CVE-2025-53906)
- 9.1.1552: path traversal issue in tar.vim if files have leading '/',
CVE-2025-53905
- 9.1.1616: xxd: possible buffer overflow with bitwise output,
CVE-2025-9390
* Enable socketserver for vim-nox, vim-basic, and vim-gtk3
* Enable wayland support only for GUI builds
* Drop obsolete transitional package, vim-athena
vim (2:9.1.1385-1) experimental; urgency=medium
[ James McCoy ]
* Merge upstream tag v9.1.1385
[ Kirill Rekhov ]
* d/upstream/metadata: add metadata
* Fix day-of-week for changelog entries 1:6.3-015+1, 1:6.3-010+1, 4.6-2.
vim (2:9.1.1230-2) unstable; urgency=medium
* Backport v9.1.1242 and v9.1.1244 to fix crash when evaluating a variable
name. (Closes: #1106133)
vim (2:9.1.1230-1) unstable; urgency=medium
* Merge upstream tag v9.1.1230
+ Security fixes:
- 9.1.1115: use-after-free in str_to_reg(), CVE-2025-26603
- 9.1.1164: editing a specially crafted tar file allows code execution,
(Closes: #1099610, CVE-2025-27423)
- 9.1.1198: potential data loss with zip.vim and crafted zip files,
(Closes: #1101016, CVE-2025-29768)
vim (2:9.1.1113-1) unstable; urgency=medium
[ James McCoy ]
* Merge upstream tag v9.1.1113
+ Security fixes:
- 9.1.1003: heap-buffer overflow with visual mode when using :all,
CVE-2025-22134
- 9.1.1043: segfault in win_line(), CVE-2025-24014
- 9.1.1097: crash when using --log with non-existent path, CVE-2025-1215
[ Andrea Pappacoda ]
* Drop backspace and history from debian.vim (Closes: #1095155)
vim (2:9.1.0967-2) unstable; urgency=medium
* Revert "patch 9.1.0949: popups inconsistently shifted to the left",
since it breaks vim-youcompleteme's autopkgtests. (Closes: #1091729)
-- Nadzeya Hutsko <[email protected]> Fri, 28 Nov 2025 14:26:41 +0100
** Changed in: vim (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-1215
** CVE added: https://cve.org/CVERecord?id=CVE-2025-22134
** CVE added: https://cve.org/CVERecord?id=CVE-2025-24014
** CVE added: https://cve.org/CVERecord?id=CVE-2025-26603
** CVE added: https://cve.org/CVERecord?id=CVE-2025-27423
** CVE added: https://cve.org/CVERecord?id=CVE-2025-29768
** CVE added: https://cve.org/CVERecord?id=CVE-2025-53905
** CVE added: https://cve.org/CVERecord?id=CVE-2025-53906
** CVE added: https://cve.org/CVERecord?id=CVE-2025-55157
** CVE added: https://cve.org/CVERecord?id=CVE-2025-55158
** CVE added: https://cve.org/CVERecord?id=CVE-2025-9390
https://bugs.launchpad.net/bugs/2130146
Title:
Merge vim from Debian Unstable for resolute