From: Brian Inglis
Reply-To: Brian.Inglis@Shaw.ca
To: cygwin@cygwin.com
Subject: Re: Could we get Vim 9 packaged to fix CVEs
Date: Fri, 17 Nov 2023 15:14:29 -0700
In-Reply-To: <122a988f-97dd-458a-9bc9-42a526e1b1e5@Shaw.ca>

On 2023-11-12 15:27, Brian Inglis via Cygwin wrote:
> On 2023-11-09 09:35, Jack S via Cygwin wrote:
>> Would it be possible to update the vim packages with Vim 9, please?
> Also now:
>     https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm

Expanding above:

CVE-2023-46246: Integer overflow in :history Ex-Command in Vim < 9.0.2068
https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
fixed in Vim patch 9.0.2068
https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a

New:

[vim-security] several minor security issues in Vim v9.0.2106-v9.0.2112
https://seclists.org/oss-sec/2023/q4/218

CVE-2023-48231: Use-After-Free in win_close()
https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765
fixed in Vim patch 9.0.2106
https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a

CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol()
https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw
fixed in Vim patch 9.0.2107
https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce

CVE-2023-48233: overflow with count for :s command
https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj
fixed in Vim patch 9.0.2108
https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78

CVE-2023-48234: overflow in nv_z_get_count
https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq
fixed in Vim patch 9.0.2109
https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca

CVE-2023-48235: overflow in ex address parsing
https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g
fixed in Vim patch 9.0.2110
https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200

CVE-2023-48236: overflow in get_number
https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5
fixed in Vim patch 9.0.2111
https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968

CVE-2023-48237: overflow in shift_line
https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87
fixed in Vim patch 9.0.2112
https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e

-- 
Take care. Thanks, Brian Inglis
Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                -- Antoine de Saint-Exupéry