ELA-741-1 vim security update

multiple memory access violations

2022-11-25
Packagevim
Version2:7.4.488-7+deb8u9 (jessie)
Related CVEs CVE-2022-1785 CVE-2022-1897 CVE-2022-1942 CVE-2022-2000 CVE-2022-2129 CVE-2022-3235 CVE-2022-3256


This update fixes multiple memory access violations in vim.

CVE-2022-1785

Out-of-bounds Write

CVE-2022-1897

Out-of-bounds Write

CVE-2022-1942

Heap-based Buffer Overflow

CVE-2022-2000

Out-of-bounds Write

CVE-2022-2129

Out-of-bounds Write

CVE-2022-3235

Use After Free

CVE-2022-3256

Use After Free


For Debian 8 jessie, these problems have been fixed in version 2:7.4.488-7+deb8u9.

We recommend that you upgrade your vim packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.