<html>

    <head>

      <base href="https://bugzilla.rosalinux.ru/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Platform</th>

          <td>2021.1

          </td>

        </tr>

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_CONFIRMED "

   title="CONFIRMED - [CVE 21] vim 9.0.1021 CVEs found"

   href="https://bugzilla.rosalinux.ru/show_bug.cgi?id=13339">13339</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>[CVE 21] vim 9.0.1021  CVEs found

          </td>

        </tr>

        <tr>

          <th>Classification</th>

          <td>ROSA-based products

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>ROSA Fresh

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>All

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>All

          </td>

        </tr>

        <tr>

          <th>URL</th>

          <td>CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-1355,

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>CONFIRMED

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>Normal

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>System (kernel, glibc, systemd, bash, PAM...)

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>bugs&#64;lists.rosalinux.ru

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>y.tumanov&#64;rosalinux.ru

          </td>

        </tr>

        <tr>

          <th>QA Contact</th>

          <td>bugs&#64;lists.rosalinux.ru

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>s.matveev&#64;rosalinux.ru, y.tumanov&#64;rosalinux.ru

          </td>

        </tr>

        <tr>

          <th>Target Milestone</th>

          <td>---

          </td>

        </tr>

        <tr>

          <th>Flags</th>

          <td>secteam_verified?

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Please patch CVEs for package vim version 9.0.1021

INFO (CVEs are): vim 9.0.1021

 cves found

CVE-2023-0049

Desc: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-0049">https://nvd.nist.gov/vuln/detail/CVE-2023-0049</a>

Severity: HIGH

CVE-2023-0051

Desc: Heap-based Buffer Overflow in GitHub repository vim/vim prior to

9.0.1144.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-0051">https://nvd.nist.gov/vuln/detail/CVE-2023-0051</a>

Severity: HIGH

CVE-2023-0054

Desc: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-0054">https://nvd.nist.gov/vuln/detail/CVE-2023-0054</a>

Severity: HIGH

CVE-2023-0288

Desc: Heap-based Buffer Overflow in GitHub repository vim/vim prior to

9.0.1189.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-0288">https://nvd.nist.gov/vuln/detail/CVE-2023-0288</a>

Severity: HIGH

CVE-2023-0433

Desc: Heap-based Buffer Overflow in GitHub repository vim/vim prior to

9.0.1225.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-0433">https://nvd.nist.gov/vuln/detail/CVE-2023-0433</a>

Severity: HIGH

CVE-2023-0512

Desc: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-0512">https://nvd.nist.gov/vuln/detail/CVE-2023-0512</a>

Severity: HIGH

CVE-2023-1127

Desc: Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-1127">https://nvd.nist.gov/vuln/detail/CVE-2023-1127</a>

Severity: HIGH

CVE-2023-1170

Desc: Heap-based Buffer Overflow in GitHub repository vim/vim prior to

9.0.1376.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-1170">https://nvd.nist.gov/vuln/detail/CVE-2023-1170</a>

Severity: MEDIUM

CVE-2023-1175

Desc: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior

to 9.0.1378.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-1175">https://nvd.nist.gov/vuln/detail/CVE-2023-1175</a>

Severity: MEDIUM

CVE-2023-1264

Desc: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-1264">https://nvd.nist.gov/vuln/detail/CVE-2023-1264</a>

Severity: MEDIUM

CVE-2023-1355

Desc: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-1355">https://nvd.nist.gov/vuln/detail/CVE-2023-1355</a>

Severity: MEDIUM</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are the QA Contact for the bug.</li>

          <li>You are the assignee for the bug.</li>

      </ul>

    </body>

</html>