From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2066.outbound.protection.outlook.com [40.107.237.66]) by sourceware.org (Postfix) with ESMTPS id 2B512385AE75 for ; Tue, 12 Jul 2022 14:43:26 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 2B512385AE75 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lqUOEo+ETGhFjcvVSqLgUDbV0ocD9ID5adyryIDS/Uc2ivEY3Zfa0fn4Jld776NaZq3VOD9kLJqEbmYo6m4e0fqrx3LVzpiZMQPsPKF3AfMeyj6oRfTHUZHhXZtMUUFbQuQshUBIzS5uGgPJK5gZjaH3dA2dlv5iHtfQuMPKO4WkOqNLebLz32Ii5+q2n43t/qeiqhchCg262s4AhyfewUKOLmjrE7Xj/wfvpedQala98jL0gzTC/O3ngyWwa1LUo+VN28WoGfBOyXKgjcTkvEwVJmHy01WBW5ToGXWBGsExTfynyLkiDni7jiozmVWeo+f1kqbieRqlBx/OqVylNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IIkRevX9PPl+Z6f//FU6n6mcxbZKDXRVTMb52dh83tU=; b=OVdJVazxrW4BZaiGDnd4IfSkbL7erG/vTTprjBTaYW3EyiswqDNnp1GxPDPbSLC0RXkIsUN1X7iFyyiTbGlorT9qDHlmtpDDRViYNaQh95eC1nWA3ttRrSMqAy+qeBxcbmmQVapbPxlSGrcELXZJTtA/EASzP2WbMDoNHgFJdb9wmP/Vkz0ba2UKyYNJJvSbT9LZkPXDnM2VzklbZKsMGR0qiMfUttZSFjIBAV2O1w1l43TOv8Vj94pQaOZ8vhuqW32FdSsFHXf5f44Ey7hcVA5bkTpM2qDDgQS8NTUA56MdfYYfGUCOIyxRxHENJy+AO+C6y9e2FyEHmN6NCpcYxA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=alumni.caltech.edu; dmarc=pass action=none header.from=alumni.caltech.edu; dkim=pass header.d=alumni.caltech.edu; arc=none Received: from MW4PR03MB6523.namprd03.prod.outlook.com (2603:10b6:303:126::6) by SA2PR03MB5915.namprd03.prod.outlook.com (2603:10b6:806:fa::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.20; Tue, 12 Jul 2022 14:43:24 +0000 Received: from MW4PR03MB6523.namprd03.prod.outlook.com ([fe80::b109:38f5:a610:9334]) by MW4PR03MB6523.namprd03.prod.outlook.com ([fe80::b109:38f5:a610:9334%7]) with mapi id 15.20.5417.026; Tue, 12 Jul 2022 14:43:24 +0000 Date: Tue, 12 Jul 2022 07:43:20 -0700 From: Lester Ingber To: cygwin@cygwin.com Subject: vim overflow for version < 9.0 ? Message-ID: Reply-To: Lester Ingber Mail-Followup-To: cygwin@cygwin.com Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-ClientProxiedBy: MW4PR03CA0296.namprd03.prod.outlook.com (2603:10b6:303:b5::31) To MW4PR03MB6523.namprd03.prod.outlook.com (2603:10b6:303:126::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: fc51b92e-4bd7-4b7a-5d83-08da6414ded8 X-MS-TrafficTypeDiagnostic: SA2PR03MB5915:EE_ X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 4D/t8IRc4v6oIkO2UpYypIg6z1UlAXIJfRtnpTNtIIpkcZOFb+tD7C3tACtjSypNoPJY9w15+P5n+ASR/Dux4xKcOoGPprtbAfqSTA1pIId95KbGQKn37Y3RAcTUTtj2AivUth5IYv3VBuD4BpnU/N2Alk86DSL3MpgRVq7zO30o7vE+6fw03RYee0CkEVxHtEuKQDB4ATx2xBAbtA1+r8XS5HVNOYSv8EorrProJCKazhPPhQbgwPoPh9M6NMadI2X868KuRMykzj7ivCuVgZEtHPvzEC+BBs+Pz8F9OntgqJkCFYYDzom8l17RNUKXaEmIfSVU0+LRrH6ZSyxusxfEI2Q+WGB/TVhkMb+YZ4FIVEKhIS+FwFlk5JVFq4y4ivgvqBXX4LjiOPQM0t0x4rehdCy6RQEqA7CP/aeTcMutQqiilhf+Ss/3CT15NfKVwgRJZeeC3hxdH/RkWrW5xL01k/T1zHgGLCFw0yaSdwWtM4qRwHB6ibsr1pbtrVu9EWdcpo+7KFIIt54+XrQCuxNEgOwI0Lu5vjf2P8ItfeOMTs7PYjMqFwqcyITFhYfxqzddpXI2tubyUNPkt+ji7I3wBT15wzK0yD/cCfvMidWSShPFXK47jguXABDGAaf6fSc9KvHdcVTycG9hznq4Q8NUbfW0mpCLuwd1MMrW/pU5RKm6Xvb7P0pejbLmHB7mndTQXvz74GFmu12LlhNjrMtBQfS6NKHKP4nSUV7wu4LRlyDShkJagVCMneJeF0YkArkld3n3dMoJ9/uUdxrZDXmQq8TVofONmx5V8SCvfPMsyLPAsRVoy1T3Tr/cylEr X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MW4PR03MB6523.namprd03.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(346002)(136003)(366004)(396003)(376002)(39860400002)(26005)(38100700002)(6666004)(52116002)(5660300002)(6512007)(9686003)(41300700001)(38350700002)(6506007)(3450700001)(36756003)(4744005)(8936002)(2906002)(75432002)(41320700001)(66946007)(83380400001)(8676002)(86362001)(186003)(66556008)(316002)(6486002)(66476007)(786003)(6916009)(478600001)(67856001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?d927GefkVs1eGkE+UlUAGJN6lxSzv9H6E1RftdHBKvXjvbCwOFe5RV+rMqe1?= =?us-ascii?Q?VXvc2VxdCPK4L52hDIObxdXfD2df7PK8ccgYdNnaKhCGaGbk4gTaFJsK8+i9?= =?us-ascii?Q?52d2PgArtfFaWNfYSyefqByO9Ihtfbxzur67FmxzRfvgzF6xGyXWacBDwMH1?= =?us-ascii?Q?en5RV92Jgt4qnYTUBx1jQZv658BvJUOdXFNcTjEh0SY4dBv8e/hj72nMLTYY?= =?us-ascii?Q?vcYHGHBS64Fdsq7DFkJcD6KyrATcEsWiSRlksLFWR3VPrIAg0arfXAepLBVl?= =?us-ascii?Q?b6hZduH/IQrrO+3xKfeTeCTVJ+BG817Vh2Rbs+IOhegvVp4dl+eS4/PnPetl?= =?us-ascii?Q?Y8Mrr2xMZb5s4scUV81sHowGXl4TEotn9l49P8GxCGyBs4R5//0AtNQ7QmW3?= =?us-ascii?Q?KF+FKi08HH6E9aRqvPRCa9xAcFVdAaUj1OF27V0ivRLo0F30mP54i3R4TYSd?= =?us-ascii?Q?XeyZ0H4UCgLb+6f85BB5GO7xj1w3Y8Diuu1xD/F/WIdIrf2vsbxcRHlefBsO?= =?us-ascii?Q?l0RY4ebUInG7aQ3i7+9DRRpjp1ZTDkESqxQxiOryuHGXJFSYiFs2eZFdGqLh?= =?us-ascii?Q?jeGJTKSyMm5Lr4/TBAFxoRPOdL08eC28+iPe7nXptaNfxizPuzXnu5Ae4PbM?= =?us-ascii?Q?06PO+W3yRDKapfT9DRKFxlngbSzEovZP/dDPQenEBHOazDgOo+rAnkGs3vtf?= =?us-ascii?Q?etaC/+k+TeXDeDPAilY1JknBylvFYhjjtVcTO0GKDRPfNnUaL7NnMeauJObE?= =?us-ascii?Q?t9iLOxVprzjGrmxe4kJRK3k8V6uHS/w/drog2ta/4U92K6ovkeWbVeKcjkWC?= =?us-ascii?Q?G6LwFgEDrigAjH1TlUg3+1qLGBdKnf4CELcYO+Rvy5uVzAmR7WSXuY/gtZOV?= =?us-ascii?Q?PzVzJQBV5AwLI6os0yY2k6Oq5Yr43Wiut2zgXzxgO+3V++Ubwr5MDUKovF5V?= =?us-ascii?Q?KJ1Sh/f7W23n3a5WKlhVyknroJqSxbRYpM9Hk8P4Yd8MKUiv/i/NKkZFWMF+?= =?us-ascii?Q?SnJfHEnfAxMu/gK1lx+xhbgmzMs/cQ+k6392Up79jUEgd/7eF38TDUU8son3?= =?us-ascii?Q?hiGUIkQFwzIb0MBL/J3yQGxNhmI/9vfcLJI2nv3K9+2VJ5MlpY4OaZ6Mx8NF?= =?us-ascii?Q?So8eLQuNvJGuShE9i43uVXe66cz9TJrayBafIOXcRrb/8JSNV3J/bAmcpiH8?= =?us-ascii?Q?Ukp5t1oxik/SLXeuEtJode3XRqH6JwTcZP1R+CD2rCBdRiM82kwLruAsZDvp?= =?us-ascii?Q?RmZuQeP3jE80RjzzK5TOGE5CdcV93PigeQHnrxvZYDClFFlQibrAQGrG/DYO?= =?us-ascii?Q?RcrhD+4aWd5wCcZdvEELtVwRXgH7FUYelrMiHE9Pm805/QeONdQNZrbyUB1P?= =?us-ascii?Q?mcKmeNh01PVU06cQxtl/Dt9ulqUC4CK216gGezDk5RD9yRSXvHGgzJwC4dtt?= =?us-ascii?Q?jJg3aUC/CTZ81L9s5zS+LmQF0104/LjAVbox1sRrktqEVVpVCLgXszvinAo2?= =?us-ascii?Q?ofm26Luu0QIvm2jlc41yYCI45/INZaQ4+7ZsMF/nIWqSQA+lzn6i1omzv+76?= =?us-ascii?Q?hcdfBO1xkJKz6g2ejpMlNwpt8+qa6SSAOiVBwhFjQd/VZSmxYj/ho6irQ4dd?= =?us-ascii?Q?t5X8zTvqR5OBCwhfyMX5YZk=3D?= X-OriginatorOrg: alumni.caltech.edu X-MS-Exchange-CrossTenant-Network-Message-Id: fc51b92e-4bd7-4b7a-5d83-08da6414ded8 X-MS-Exchange-CrossTenant-AuthSource: MW4PR03MB6523.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Jul 2022 14:43:23.8595 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: fd5be9d9-7b72-4df9-830e-b1f9cc5b44bd X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: pa3P0EgKltGblyVRG0+Tp4VnxmfcLtxEy86BsGZRJvAyPj3TqVsH+6k+pHOyss9ZT99DjVzlhuVP7u4eZuLuNqLu/I88zSMm1Kra+cWB0umAG0q//ravL9GfRdwjw0rC X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA2PR03MB5915 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Jul 2022 14:43:27 -0000 This was just reported by US-CERT : We are running VIM - Vi IMproved version 8.2.4372. Medium Vulnerabilities vim -- vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. 2022-07-01 6.8 CVE-2022-2264 MISC CONFIRM vim -- vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. 2022-07-02 6.8 CVE-2022-2284 CONFIRM MISC vim -- vim Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. 2022-07-02 6.8 CVE-2022-2285 MISC CONFIRM vim -- vim Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. 2022-07-02 6.8 CVE-2022-2286 CONFIRM MISC vim -- vim Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. 2022-07-02 5.8 CVE-2022-2287 MISC Lester