Release Info

Advisory: CLSA-2025:1761744996

OS: Debian 10 ELS

Public date: 2025-10-29 13:36:38.455308

Project: vim

Version: 2:8.1.0875-5+deb10u6+tuxcare.els3

Errata link: https://errata.tuxcare.com/els_os/debian10els/CLSA-2025-1761744996.html

Changelog

* SECURITY UPDATE: Buffer Over-read because of invalid cursor position after "0;" range
  - debian/patches/CVE-2022-1927.patch: check the cursor position when it was set by ";" in the range
  - CVE-2022-1927
* SECURITY UPDATE: Use After Free in spell command
  - debian/patches/CVE-2022-2042.patch: initialize "attr", check for empty line early
  - CVE-2022-2042
* SECURITY UPDATE: Out-of-bounds Read when regex pattern starts with illegal byte
  - debian/patches/CVE-2022-2581.patch: do not match a character with an illegal byte
  - CVE-2022-2581
* SECURITY UPDATE: Heap-based Buffer Overflow with for loop over NULL string
  - debian/patches/CVE-2022-2849.patch: make sure mb_ptr2len() consistently returns zero for NUL
  - CVE-2022-2849

Update

Update command:

    apt-get update
    apt-get --only-upgrade install vim*

Packages list

vim_8.1.0875-5+deb10u6+tuxcare.els3_amd64.deb
vim-athena_8.1.0875-5+deb10u6+tuxcare.els3_amd64.deb
vim-common_8.1.0875-5+deb10u6+tuxcare.els3_all.deb
vim-doc_8.1.0875-5+deb10u6+tuxcare.els3_all.deb
vim-gtk_8.1.0875-5+deb10u6+tuxcare.els3_amd64.deb
vim-gtk3_8.1.0875-5+deb10u6+tuxcare.els3_amd64.deb
vim-gui-common_8.1.0875-5+deb10u6+tuxcare.els3_all.deb
vim-nox_8.1.0875-5+deb10u6+tuxcare.els3_amd64.deb
vim-runtime_8.1.0875-5+deb10u6+tuxcare.els3_all.deb
vim-tiny_8.1.0875-5+deb10u6+tuxcare.els3_amd64.deb
xxd_8.1.0875-5+deb10u6+tuxcare.els3_amd64.deb

CVEs

CVE-2022-2581
CVE-2022-1927
CVE-2022-2849
CVE-2022-2042