diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2022-08-17 20:41:53 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2022-08-18 13:30:02 +0200 |
commit | 821b8a94bf6a33da86d2e1f956c068d2b6270e40 (patch) | |
tree | 8b29563a041d4681367f421d9fee2782e1a07d2b /patches/source/vim/CVE-2022-2816.patch | |
parent | 834b3a5fc210d2991416f66166351b787bf0fb92 (diff) | |
download | current-821b8a94bf6a33da86d2e1f956c068d2b6270e40.tar.gz current-821b8a94bf6a33da86d2e1f956c068d2b6270e40.tar.xz |
Wed Aug 17 20:41:53 UTC 202220220817204153_15.0
patches/packages/vim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt.
Fix use after free, out-of-bounds read, and heap based buffer overflow.
Thanks to marav for the heads-up.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2819
(* Security fix *)
patches/packages/vim-gvim-8.2.4649-x86_64-2_slack15.0.txz: Rebuilt.
Diffstat (limited to 'patches/source/vim/CVE-2022-2816.patch')
-rw-r--r-- | patches/source/vim/CVE-2022-2816.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/patches/source/vim/CVE-2022-2816.patch b/patches/source/vim/CVE-2022-2816.patch new file mode 100644 index 000000000..da790fb6d --- /dev/null +++ b/patches/source/vim/CVE-2022-2816.patch @@ -0,0 +1,26 @@ +From dbdd16b62560413abcc3c8e893cc3010ccf31666 Mon Sep 17 00:00:00 2001 +From: Bram Moolenaar <Bram@vim.org> +Date: Sun, 14 Aug 2022 21:46:07 +0100 +Subject: [PATCH] patch 9.0.0212: invalid memory access when compiling :unlet + +Problem: Invalid memory access when compiling :unlet. +Solution: Don't read past the end of the line. +--- + +diff --git a/src/vim9cmds.c b/src/vim9cmds.c +index 35a382138bf3..93032d6bf154 100644 +--- a/src/vim9cmds.c ++++ b/src/vim9cmds.c +@@ -92,6 +92,12 @@ free_locals(cctx_T *cctx) + int + check_vim9_unlet(char_u *name) + { ++ if (*name == NUL) ++ { ++ semsg(_(e_argument_required_for_str), "unlet"); ++ return FAIL; ++ } ++ + if (name[1] != ':' || vim_strchr((char_u *)"gwtb", *name) == NULL) + { + // "unlet s:var" is allowed in legacy script. |