ELA-733-1 vim security update

denial of service

2022-11-14
Packagevim
Version2:7.4.488-7+deb8u8 (jessie), 2:8.0.0197-4+deb9u8 (stretch)
Related CVEs CVE-2022-2285 CVE-2022-2304 CVE-2022-2946 CVE-2022-3099 CVE-2022-3134 CVE-2022-3234 CVE-2022-3324


Multiple security vulnerabilities have been discovered in vim, an enhanced vi editor. Buffer overflows, out-of-bounds reads and use-after-free may lead to a denial-of-service (application crash) or other unspecified impact.



For Debian 8 jessie, these problems have been fixed in version 2:7.4.488-7+deb8u8.

For Debian 9 stretch, these problems have been fixed in version 2:8.0.0197-4+deb9u8.

We recommend that you upgrade your vim packages.

Further information about Extended LTS security advisories can be found at: debian Extended Long term support