From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=nK9c=HI=gmail.com=marco.atzeri@sourceware.org>
Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d])
	by sourceware.org (Postfix) with ESMTPS id 99DF93858D33
	for <cygwin@cygwin.com>; Mon, 27 Nov 2023 06:48:20 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 99DF93858D33
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 99DF93858D33
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2a00:1450:4864:20::62d
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1701067703; cv=none;
	b=B2yJuzK7FKotPM39mclhlzQ8B2nRrUq5Pm1KlbZO1tjbMbedVnYddNCVd1SIyaCJu6Sia2U2sif6KlwklxpESFMztQqQD5/hJaWJOpc3p7tJ2dnoCVvTf3+GuoAOAVpZTYnSoAH3iqGjf/8Iq4wSMk6onNJciI6soQ4lCNEeyiA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1701067703; c=relaxed/simple;
	bh=lST1A1xxM/o2LnQXHSoQo2fA4dvB9+2i0w3gh+jiGi0=;
	h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From; b=As3a97K39uzc6T+O1KY3lz/JHnhuf9aGVhWRdZlrEg1u4c07lqP2Rv+hJISE0XSy/8opXPZD9CWbv8qCzITc2SosnSvlgl2ERRwdZB3BFh6EmEoFUjIAG8XIYXATbzEY+u8DA2Kk5pob3F0lAKP+6/skJKsIVg/dmklscTw5n0A=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: by mail-ej1-x62d.google.com with SMTP id a640c23a62f3a-9fa45e75ed9so525932666b.1
        for <cygwin@cygwin.com>; Sun, 26 Nov 2023 22:48:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1701067699; x=1701672499; darn=cygwin.com;
        h=content-transfer-encoding:in-reply-to:from:references:to
         :content-language:subject:user-agent:mime-version:date:message-id
         :from:to:cc:subject:date:message-id:reply-to;
        bh=Mrow5RgHiP8mNWuhEov0u18LjZX9e6wL9fqWytFpceE=;
        b=WDVLzmzgX8u+hxh0oRvIHYRzqGzn0pEwIOmY+QrBFC3xOE8EHwhpEeZk2jXzCjx3C4
         Oy01Tg/WeA6inb1C7kwPnVmA4pxdDCWjV/+O/QOL26E5Yn0HtGBGiHXLr9HkWXHKV13N
         +4E/nD4iKt6/Y2Gd6stPdM8xqPWGzF2vIVw7etXyUq5ucGTGEs9QWJQ5RHac6qe63Omd
         pHD552fZOMWk5oAsDYoap2NBggldDvGEkRCQJspqaqJ+4uOtae0gHxaaA1/QOScqWvPV
         tUuJGc51TsTnMIob8wmKj81Xm5kLhgSUKZ1N/Kj0r0IMUOmJRmJUSKLd7Gctge/bZCG2
         EWgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1701067699; x=1701672499;
        h=content-transfer-encoding:in-reply-to:from:references:to
         :content-language:subject:user-agent:mime-version:date:message-id
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=Mrow5RgHiP8mNWuhEov0u18LjZX9e6wL9fqWytFpceE=;
        b=qYNZMXIGSeqwcKxA4T5NrPerBlvjNm6pWWkFRJ96Z4uJzKsYYMAys5dpERlC9KiD3E
         lN5RJegrdUfxxAMIW5U0PYG349wghljkqrHENHa+cueotyRVEqjdTp5bUb75qgcXHWUI
         tjmm9P64+yObeaArpSQNIiJYcwv3ntc7yX+gXKLiOP/AS1gA6fVJcIl7RUccykHFR/v5
         1O8LP9MmuaoSnmCsPOqTto5jDoSkzJTkmBI57kHMSsN9iu+Is9iqVb2GqXnRfP08BqqR
         8JF9O0jZiWZdjfYiiinFjjFZNH/xXLaRw2VAHIWAeHbKZS+G9YgZypDfv+dzuvDnSVIQ
         E/yw==
X-Gm-Message-State: AOJu0YzHVVvW1/b2qcJslw68QwLsvdcPWqfydm8YMAFwayb3H8civpnD
	xES6lecLAsGCP+BKWCBtRqvhn9RSAMw=
X-Google-Smtp-Source: AGHT+IHrY+c+gFXKfKdKXsBFGT+QDNYy6fCRHxzB+uIx1svd5QJiKt20B0hKQbD46D10/y3DliVC+Q==
X-Received: by 2002:a17:906:3787:b0:a02:9700:bf53 with SMTP id n7-20020a170906378700b00a029700bf53mr7213125ejc.46.1701067698889;
        Sun, 26 Nov 2023 22:48:18 -0800 (PST)
Received: from ?IPV6:2001:a61:126f:2c01:c098:3e56:f062:2ff5? ([2001:a61:126f:2c01:c098:3e56:f062:2ff5])
        by smtp.gmail.com with ESMTPSA id sd22-20020a170906ce3600b009fc576e26e6sm5334633ejb.80.2023.11.26.22.48.18
        for <cygwin@cygwin.com>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Sun, 26 Nov 2023 22:48:18 -0800 (PST)
Message-ID: <8ad53231-51d0-4d05-8096-29237316b83d@gmail.com>
Date: Mon, 27 Nov 2023 07:48:17 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Could we get Vim 9 packaged to fix CVEs
Content-Language: it
To: cygwin@cygwin.com
References: <CAN3V7BRCjqUU0h3pGgrQg7y-jDLLGEbtsXMzCjtWENFaGrGf+Q@mail.gmail.com>
 <122a988f-97dd-458a-9bc9-42a526e1b1e5@Shaw.ca>
 <bf424fdc-2f78-4182-bb92-40cd64f80414@Shaw.ca>
From: Marco Atzeri <marco.atzeri@gmail.com>
In-Reply-To: <bf424fdc-2f78-4182-bb92-40cd64f80414@Shaw.ca>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_00,BODY_8BITS,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <cygwin.cygwin.com>

On 17.11.2023 23:14, Brian Inglis via Cygwin wrote:
> On 2023-11-12 15:27, Brian Inglis via Cygwin wrote:
>> On 2023-11-09 09:35, Jack S via Cygwin wrote:
>>> Would it be possible to update the vim packages with Vim 9, please?
> 
>> Also now:
>>      https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
> 
> Expanding above:
> 
> CVE-2023-46246: Integer overflow in :history Ex-Command in Vim < 9.0.2068
> https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
> fixed in Vim patch 9.0.2068
> https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a
> 
...

Noted

Regards
Marco