From d40c8b31d50c55f6bf2536f2e3ad2af4c6dd5730 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine
Date: Sat, 26 Nov 2022 13:25:45 +0100
Subject: [PATCH] package/vim: security bump to version 9.0.0951

Fix CVE-2022-3705: A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.

Signed-off-by: Fabrice Fontaine
Signed-off-by: Peter Korsgaard
---
 package/vim/vim.hash | 2 +-
 package/vim/vim.mk | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/vim/vim.hash b/package/vim/vim.hash
index ef3bc46cdc..03ee908db4 100644
--- a/package/vim/vim.hash
+++ b/package/vim/vim.hash
@@ -1,4 +1,4 @@
 # Locally computed
-sha256 f50ab9c023e7c276a61a7076c840d36254ce83691dba28af9ac5c513b6ace3b4 vim-9.0.0709.tar.gz
+sha256 c95c9abcf024bd6293ad199e4efa1c09452a9c6456c9cbaf53d896cf7b9f4d08 vim-9.0.0951.tar.gz
 sha256 0bcab3b635dd39208c42b496568d1e8171dad247cf3da5bab3d750c9d5883499 LICENSE
 sha256 de04910387a62ad4f9b36b91457c8d5ef32733ac5d768a128071b93f4821fcd1 README.txt
diff --git a/package/vim/vim.mk b/package/vim/vim.mk
index 22c1eb91a8..d814c68630 100644
--- a/package/vim/vim.mk
+++ b/package/vim/vim.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################

-VIM_VERSION = 9.0.0709
+VIM_VERSION = 9.0.0951
 VIM_SITE = $(call github,vim,vim,v$(VIM_VERSION))
 VIM_DEPENDENCIES = ncurses $(TARGET_NLS_DEPENDENCIES)
 VIM_SUBDIR = src